CVE List

Id CVE No. Status Description Phase Votes Comments Actions
5267  CVE-2002-0877  Candidate  Directory traversal vulnerability in the FTP server for Shambala 4.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) LIST (ls) or (2) GET commands.  Proposed (20020830)  ACCEPT(1) Frech | NOOP(6) Alderson, Armstrong, Cole, Cox, Foat, Jones    View
5291  CVE-2002-0902  Candidate  Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (") in the [IMG] tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects the script.  Proposed (20020830)  ACCEPT(1) Frech | NOOP(6) Alderson, Armstrong, Cole, Cox, Foat, Jones    View
5304  CVE-2002-0915  Candidate  autorun in Xandros based Linux distributions allows local users to read the first line of arbitrary files via the -c parameter, which causes autorun to print the first line of the file.  Proposed (20020830)  ACCEPT(1) Frech | NOOP(6) Alderson, Armstrong, Cole, Cox, Foat, Jones    View
4645  CVE-2002-0253  Candidate  PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the include directive to fail, and produces an error message that contains the path.  Proposed (20020502)  ACCEPT(1) Frech | NOOP(6) Armstrong, Christey, Cole, Cox, Foat, Wall  Christey> Is this another case when PHP leaks path information by design, | as supported by "display_errors" option? Then the | vulnerability (rather, exposure) would be in the use of the | display_errors option itself, whose implications may include | this particular scenario. | CHANGE> [Cox changed vote from REVIEWING to NOOP]  View
5467  CVE-2002-1080  Candidate  The Administration console for Abyss Web Server 1.0.3 before Patch 2 allows remote attackers to gain privileges and modify server configuration via direct requests to CHL files such as (1) srvstatus.chl, (2) consport.chl, (3) general.chl, (4) srvparam.chl, and (5) advanced.chl.  Modified (20071016)  ACCEPT(1) Frech | NOOP(6) Armstrong, Christey, Cole, Cox, Foat, Wall  Frech> CONFIRM:http://www.aprelium.com/news/patch1033.html | Christey> CONFIRM:http://www.aprelium.com/news/patch1033.html  View
