Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-08-12 | CVE-2002-0739 | Cross-Site Scripting vulnerability in Postnuke Software Foundation Postcalendar 3.0 Cross-site scripting in PostCalendar 3.02 allows remote attackers to insert arbitrary HTML and script, and steal cookies, by modifying a calendar entry in its preview page. | 7.5 |
| 2002-08-12 | CVE-2002-0738 | Unspecified vulnerability in Mhonarc 2.5/2.5.1/2.5.2 MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by (1) splitting the SCRIPT tag into smaller pieces, (2) including the script in a SRC argument to an IMG tag, or (3) using "&={script}" syntax. | 7.5 |
| 2002-08-12 | CVE-2002-0735 | Format string vulnerability in the logging() function in C-Note Squid LDAP authentication module (squid_auth_LDAP) 2.0.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code by triggering log messages. | 7.5 |
| 2002-08-12 | CVE-2002-0734 | Remote Command Execution vulnerability in Michel Valdrighi B2 0.6Pre b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly load the b2config.php file in some configurations, which allows remote attackers to execute arbitrary PHP code via a URL that sets the $b2inc variable to point to a malicious program stored on a remote server. | 7.5 |
| 2002-08-12 | CVE-2002-0733 | Cross-Site Scripting vulnerability in Acme Labs Thttpd 2.20B Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message. | 7.5 |
| 2002-08-12 | CVE-2002-0731 | Unspecified vulnerability in Vqsoft Vqserver Cross-site scripting vulnerability in demonstration scripts for vqServer allows remote attackers to execute arbitrary script via a link that contains the script in arguments to demo scripts such as respond.pl. | 7.5 |
| 2002-08-12 | CVE-2002-0730 | Unspecified vulnerability in Philip Chinery Philip Chinerys Guestbook 1.1 Cross-site scripting vulnerability in guestbook.pl for Philip Chinery's Guestbook 1.1 allows remote attackers to execute Javascript or HTML via fields such as (1) Name, (2) EMail, or (3) Homepage. | 7.5 |
| 2002-08-12 | CVE-2002-0719 | SQL Injection vulnerability in Microsoft Content Management Server 2001 SQL injection vulnerability in the function that services for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary commands via an MCMS resource request for image files or other files. | 7.5 |
| 2002-08-12 | CVE-2002-0718 | Unspecified vulnerability in Microsoft Content Management Server 2001 Web authoring command in Microsoft Content Management Server (MCMS) 2001 allows attackers to authenticate and upload executable content, by modifying the upload location, aka "Program Execution via MCMS Authoring Function." | 7.5 |
| 2002-08-12 | CVE-2002-0700 | Buffer Overflow vulnerability in Microsoft Content Management Server 2001 Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise." | 7.5 |