Monthly Archive: March 2003

CVE-2002-1460

L-Forum 2.40 and earlier does not properly verify whether a file was uploaded or if the associated variables were set by POST (attachment, attachment_name, attachment_size and attachment_type), which allows remote attackers to read arbitrary...

CVE-2002-1459

Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is off, allows remote attackers to insert arbitrary script or HTML via message fields including (1) From, (2) E-Mail,...

CVE-2002-1458

Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is on, allows remote attackers to insert arbitrary script or HTML via message fields including (1) From, (2) E-Mail,...

CVE-2002-1454

MyWebServer 1.0.2 allows remote attackers to determine the absolute path of the web document root via a request for a directory that does not exist, which leaks the pathname in an error message. Date...

CVE-2002-1453

Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2 allows remote attackers to insert script and HTML via a long request followed by the malicious script, which is echoed back to the user in an error...

CVE-2002-1451

Blazix before 1.2.2 allows remote attackers to read source code of JSP scripts or list restricted web directories via an HTTP request that ends in a (1) "+" or (2) "" (backslash) character. Date...

CVE-2002-1450

IBM UniVerse with UV/ODBC allows attackers to cause a denial of service (client crash or server CPU consumption) via a query with an invalid link between tables, possibly via a buffer overflow. Date published...