CVE List

Id  CVE No.  Status  Description  Phase  Votes  Comments
5699  CVE-2002-1315  Candidate  Cross-site scripting (XSS) vulnerability in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows remote attackers to execute web script or HTML as the iPlanet administrator by injecting the desired script into error logs, and possibly escalating privileges by using the XSS vulnerability in conjunction with another issue (CVE-2002-1316).  Modified (20071014)  ACCEPT(1) Baker | NOOP(3) Cole, Cox, Wall | REVIEWING(1) Green
5700  CVE-2002-1316  Candidate  importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows the web administrator to execute arbitrary commands via shell metacharacters in the dir parameter, and possibly allows remote attackers to exploit this vulnerability via a separate XSS issue (CVE-2002-1315).  Modified (20071014)  ACCEPT(1) Baker | NOOP(4) Christey, Cole, Cox, Wall | REVIEWING(1) Green  Christey> fix typo: "paramatar"
5726  CVE-2002-1342  Candidate  Unknown vulnerability in smb2www 980804-16 and earlier allows remote attackers to execute arbitrary commands.  Modified (20071014)  ACCEPT(2) Cole, Green | NOOP(1) Cox
5729  CVE-2002-1345  Candidate  Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences.  Modified (20071014)  ACCEPT(3) Baker, Cole, Wall | MODIFY(1) Frech | NOOP(1) Cox  Frech> XF:ftp-client-filename-traversal(10821)
6925  CVE-2003-0096  Candidate  Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function.  Modified (20071016)  ACCEPT(4) Baker, Cole, Frech, Wall | NOOP(2) Christey, Cox  Christey> Modify the description to omit 8.0.6, as the Oracle advisory | does not list it. (However, NGSSoftware does, perhaps as the | result of a typo or cut-and-paste error in their advisory). | | CIAC:N-046 | URL:http://www.ciac.org/ciac/bulletins/n-046.shtml | BID:6850 | URL:http://www.securityfocus.com/bid/6850 | BID:6847 | URL:http://www.securityfocus.com/bid/6847 | BID:6848 | URL:http://www.securityfocus.com/bid/6848 | MISC:http://www.nextgenss.com/advisories/ora-bfilebo.txt | MISC:http://www.nextgenss.com/advisories/ora-tzofstbo.txt | MISC:http://www.nextgenss.com/advisories/ora-tmstmpbo.txt
