Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2002-08-12 | CVE-2002-0457 | Unspecified vulnerability in BG Guestbook BG Guestbook 1.0: Cross-site scripting vulnerability in signgbook.php for BG GuestBook 1.0 allows remote attackers to execute arbitrary Javascript via encoded tags such as &lt;, &gt;, and &amp; in fields such as (1) name, (2) email, (3) AIM screen name, (4) website, (5) location, or (6) message. | 7.6 |
2002-08-12 | CVE-2002-0453 | Unspecified vulnerability in Oblix Netpoint 5.2: The account lockout capability in Oblix NetPoint 5.2 and earlier only locks out users once for the specified lockout period, which makes it easier for remote attackers to conduct brute force password guessing by waiting until the lockout period ends, then guessing passwords without being locked out again. | 7.5 |
2002-08-12 | CVE-2002-0452 | Unspecified vulnerability in Foundrynet Serveriron: Foundry Networks ServerIron switches do not decode URIs when applying "url-map" rules, which could make it easier for attackers to cause the switch to forward traffic to a different server than intended and exploit vulnerabilities that would otherwise be inaccessible. | 7.5 |
2002-08-12 | CVE-2002-0451 | Remote File Include vulnerability in PHPprojekt 3.1/3.1A: filemanager_forms.php in PHProjekt 3.1 and 3.1a allows remote attackers to execute arbitrary PHP code by specifying the URL to the code in the lib_path parameter. | 7.5 |
2002-08-12 | CVE-2002-0428 | Unspecified vulnerability in Checkpoint Check Point Vpn, Firewall-1 and Next Generation: Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows clients to bypass the "authentication timeout" by modifying the to_expire or expire values in the client's users.C configuration file. | 7.5 |
2002-08-12 | CVE-2002-0426 | Unspecified vulnerability in Linksys Befvp41 1.01.04/1.39.64/1.40.1: VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router before 1.40.1 reduces the key lengths for keys that are supplied via manual key entry, which makes it easier for attackers to crack the keys. | 7.5 |
2002-08-12 | CVE-2002-0420 | Unspecified vulnerability in Claymore Systems INC Puretls 0.9B1: Vulnerability in PureTLS before 0.9b2 related to injection attacks, which could possibly allow remote attackers to corrupt or hijack user sessions. | 7.5 |
2002-08-12 | CVE-2002-0414 | KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems do not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to forward forged IPv4 packets. | 7.5 |
2002-08-12 | CVE-2002-0413 | Unspecified vulnerability in Rebb 1.0: Cross-site scripting vulnerability in ReBB allows remote attackers to execute arbitrary Javascript and steal cookies via an IMG tag whose URL includes the malicious script. | 7.5 |
2002-08-12 | CVE-2002-0412 | Remote Format String vulnerability in Luca Deri Ntop 2.0: Format string vulnerability in TraceEvent function for ntop before 2.1 allows remote attackers to execute arbitrary code by causing format strings to be injected into calls to the syslog function, via (1) an HTTP GET request, (2) a user name in HTTP authentication, or (3) a password in HTTP authentication. | 7.5 |