CVE List
Id | CVE No. | Status | Description | Phase | Votes | Comments |
---|---|---|---|---|---|---|
5267 | CVE-2002-0877 | Candidate | Directory traversal vulnerability in the FTP server for Shambala 4.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) LIST (ls) or (2) GET commands. | Proposed (20020830) | ACCEPT(1) Frech; NOOP(6) Alderson, Armstrong, Cole, Cox, Foat, Jones | |
5291 | CVE-2002-0902 | Candidate | Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (") in the [IMG] tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects the script. | Proposed (20020830) | ACCEPT(1) Frech; NOOP(6) Alderson, Armstrong, Cole, Cox, Foat, Jones | |
5304 | CVE-2002-0915 | Candidate | autorun in Xandros based Linux distributions allows local users to read the first line of arbitrary files via the -c parameter, which causes autorun to print the first line of the file. | Proposed (20020830) | ACCEPT(1) Frech; NOOP(6) Alderson, Armstrong, Cole, Cox, Foat, Jones | |
4645 | CVE-2002-0253 | Candidate | PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the include directive to fail, and produces an error message that contains the path. | Proposed (20020502) | ACCEPT(1) Frech; NOOP(6) Armstrong, Christey, Cole, Cox, Foat, Wall | Christey> Is this another case when PHP leaks path information by design, as supported by "display_errors" option? Then the vulnerability (rather, exposure) would be in the use of the display_errors option itself, whose implications may include this particular scenario. CHANGE> [Cox changed vote from REVIEWING to NOOP] |
5467 | CVE-2002-1080 | Candidate | The Administration console for Abyss Web Server 1.0.3 before Patch 2 allows remote attackers to gain privileges and modify server configuration via direct requests to CHL files such as (1) srvstatus.chl, (2) consport.chl, (3) general.chl, (4) srvparam.chl, and (5) advanced.chl. | Modified (20071016) | ACCEPT(1) Frech; NOOP(6) Armstrong, Christey, Cole, Cox, Foat, Wall | Frech> CONFIRM:http://www.aprelium.com/news/patch1033.html Christey> CONFIRM:http://www.aprelium.com/news/patch1033.html |