CyberSecurityBoard
Sponsor Register Login

CVE-2002-1841

The document management module in NOLA 1.1.1 and 1.1.2 does not restrict the types of files that are uploaded, which allows remote attackers to upload and execute arbitrary PHP files with extensions such as .php4.

Publication date: Tue, 31 Dec 2002 11:00:00 +0000


Cyber News related to CVE-2002-1841

CVE-2005-1912 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-1841. Reason: This candidate is a duplicate of CVE-2005-1841. Notes: this duplicate occurred as a result of separate assignments by multiple CNAs, one to the researcher and one ...
55 years ago Tenable.com
CVE-2002-1841 - The document management module in NOLA 1.1.1 and 1.1.2 does not restrict the types of files that are uploaded, which allows remote attackers to upload and execute arbitrary PHP files with extensions such as .php4. ...
1 year ago
CVE-2002-0192 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-0193, CVE-2002-1564. Reason: This candidate was published with a description that identified a different vulnerability than what was identified in the original authoritative ...
55 years ago Tenable.com
CVE-2008-1841 - SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the ...
7 years ago
CVE-2007-2524 - Cross-site scripting (XSS) vulnerability in index.pl in Open Ticket Request System (OTRS) 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action. NOTE: DEBIAN:DSA-1299 ...
6 years ago
CVE-2021-1841 - A malicious application may be able to execute arbitrary code with kernel privileges. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. An out-of-bounds write issue was addressed with improved bounds checking. ...
3 years ago
CVE-2005-1841 - The control for Adobe Reader 5.0.9 and 5.0.10 on Linux, Solaris, HP-UX, and AIX creates temporary files with the permissions as specified in a user's umask, which could allow local users to read PDF documents of that user if the umask allows it. ...
16 years ago
CVE-2010-1841 - Disk Images in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted UDIF image. ...
14 years ago
CVE-2014-1841 - Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. (dot dot) in the src parameter. ...
9 years ago
CVE-2015-1841 - The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view. ...
9 years ago
CVE-2004-1841 - SQL injection vulnerability in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to execute arbitrary SQL via the referer field in an HTTP request. ...
7 years ago
CVE-2011-1841 - Cross-site scripting (XSS) vulnerability in the link_to helper in Mojolicious before 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. ...
7 years ago
CVE-2013-1841 - Net-Server, when the reverse-lookups option is enabled, does not check if the hostname resolves to the source IP address, which might allow remote attackers to bypass ACL restrictions via the hostname parameter. ...
7 years ago
CVE-2007-1841 - The isakmp_info_recv function in src/racoon/isakmp_inf.c in racoon in Ipsec-tools before 0.6.7 allows remote attackers to cause a denial of service (tunnel crash) via crafted (1) DELETE (ISAKMP_NPTYPE_D) and (2) NOTIFY (ISAKMP_NPTYPE_N) messages. ...
7 years ago
CVE-2012-1841 - Absolute path traversal vulnerability in logShow.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote ...
7 years ago
CVE-2006-1841 - Cross-site scripting (XSS) vulnerability in search.php in boastMachine (bMachine) 2.7, and possibly other versions before 2.9b, allows remote attackers to inject arbitrary web script or HTML via the key parameter, as used by the search field. ...
6 years ago
CVE-2009-1841 - js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by ...
6 years ago
CVE-2016-1841 - libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. ...
5 years ago
CVE-2018-1841 - IBM Cloud Private 2.1.0 could allow a local user to obtain the CA Private Key due to it being world readable in boot/master node. IBM X-Force ID: 150901. ...
5 years ago
CVE-2019-1841 - A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access to internal services without additional authentication. The vulnerability is due to insufficient validation of ...
5 years ago
CVE-2020-1841 - Huawei CloudLink Board version 20.0.0; DP300 version V500R002C00; RSE6500 versions V100R001C00, V500R002C00, and V500R002C00SPC900; and TE60 versions V500R002C00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C10, V600R019C00, and ...
3 years ago
CVE-2022-1841 - In subsys/net/ip/tcp.c , function tcp_flags , when the incoming parameter flags is ECN or CWR , the buf will out-of-bounds write a byte zero. ...
2 years ago
CVE-2017-1841 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none ...
55 years ago Tenable.com
CVE-2023-1841 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Honeywell MPA2 Access Panel (Web server modules) allows XSS Using Invalid Characters.This issue affects MPA2 Access Panel all version prior ...
9 months ago
CVE-2024-1841 - The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Title tag attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for ...
9 months ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)