Export limit exceeded: 350479 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 350479 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29918 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29918 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-0917 | 1 Cgiscript.net | 1 Cspassword | 2026-04-16 | N/A |
| CGIScript.net csPassword.cgi stores .htpasswd files under the web document root, which could allow remote authenticated users to download the file and crack the passwords of other users. | ||||
| CVE-2002-0918 | 1 Cgiscript.net | 1 Cspassword | 2026-04-16 | N/A |
| CGIScript.net csPassword.cgi leaks sensitive information such as the pathname of the server in debug messages that are presented when the script fails, which allows remote attackers to obtain the information via a "remove" option in the command parameter, which generates an error. | ||||
| CVE-2002-0919 | 1 Cgiscript.net | 1 Cspassword | 2026-04-16 | N/A |
| CGIScript.net csPassword.cgi allows remote authenticated users to modify the .htaccess file and gain privileges via newlines in the title field of the edit page. | ||||
| CVE-2002-0920 | 1 Cgiscript.net | 1 Cspassword | 2026-04-16 | N/A |
| CGIScript.net csPassword.cgi stores usernames and unencrypted passwords in the password.cgi.tmp temporary file while modifying data, which could allow local users (and possibly remote attackers) to gain privileges by stealing the file before it has been processed. | ||||
| CVE-2002-0936 | 1 Apache | 1 Tomcat | 2026-04-16 | N/A |
| The Java Server Pages (JSP) engine in Tomcat allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null). | ||||
| CVE-2002-0937 | 1 Macromedia | 1 Jrun | 2026-04-16 | N/A |
| The Java Server Pages (JSP) engine in JRun allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null). | ||||
| CVE-2002-0938 | 1 Cisco | 1 Secure Access Control Server | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe. | ||||
| CVE-2002-0956 | 1 Iss | 1 Blackice Agent | 2026-04-16 | N/A |
| BlackICE Agent 3.1.eal does not always reactivate after a system standby, which could allow remote attackers and local users to bypass intended firewall restrictions. | ||||
| CVE-2002-2199 | 1 Freebsd | 1 Advanced Intrusion Detection Environment | 2026-04-16 | N/A |
| The default aide.conf file in Advanced Intrusion Detection Environment (AIDE) before 0.7_1 on FreeBSD before 2002-08-28 does not properly check subdirectories, which could allow local users to bypass detection. | ||||
| CVE-2002-0957 | 1 Iss | 1 Blackice Agent | 2026-04-16 | N/A |
| The default configuration of BlackICE Agent 3.1.eal and 3.1.ebh has a high tcp.maxconnections setting, which could allow remote attackers to cause a denial of service (memory consumption) via a large number of connections to the BlackICE system that consumes more resources than intended by the user. | ||||
| CVE-2002-0958 | 1 Ekilat Llc | 1 Php\(reactor\) | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in browse.php for PHP(Reactor) 1.2.7 allows remote attackers to execute script as other users via the go parameter in the comments section. | ||||
| CVE-2002-0962 | 1 Geeklog | 1 Geeklog | 2026-04-16 | N/A |
| Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier allow remote attackers to execute arbitrary script via (1) the url variable in the Link field of a calendar event, (2) the topic parameter in index.php, or (3) the title parameter in comment.php. | ||||
| CVE-2002-0963 | 1 Geeklog | 1 Geeklog | 2026-04-16 | N/A |
| SQL injection vulnerability in comment.php for GeekLog 1.3.5 and earlier allows remote attackers to obtain sensitive user information via the pid parameter. | ||||
| CVE-2002-2203 | 1 Sun | 2 Solaris, Sunos | 2026-04-16 | N/A |
| Unknown vulnerability in the System Serial Console terminal in Solaris 2.5.1, 2.6, and 7 allows local users to monitor keystrokes and possibly steal sensitive information. | ||||
| CVE-2002-2206 | 1 Symantec | 1 Norton Antivirus | 2026-04-16 | N/A |
| The POP3 proxy service (POPROXY.EXE) in Norton AntiVirus 2001 allows local users to cause a denial of service (CPU consumption and crash) via a long username with multiple /localhost entries. | ||||
| CVE-2002-0980 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| The Web Folder component for Internet Explorer 5.5 and 6.0 writes an error message to a known location in the temporary folder, which allows remote attackers to execute arbitrary code by injecting it into the error message, then referring to the error message file via a mhtml: URL. | ||||
| CVE-2002-0981 | 1 Caldera | 2 Openunix, Unixware | 2026-04-16 | N/A |
| Buffer overflow in ndcfg command for UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to execute arbitrary code via a long command line. | ||||
| CVE-2002-0982 | 1 Microsoft | 1 Sql Server | 2026-04-16 | N/A |
| Microsoft SQL Server 2000 SP2, when configured as a distributor, allows attackers to execute arbitrary code via the @scriptfile parameter to the sp_MScopyscript stored procedure. | ||||
| CVE-2002-0983 | 1 Irssi | 1 Irssi | 2026-04-16 | N/A |
| IRC client irssi in irssi-text before 0.8.4 allows remote attackers to cause a denial of service (crash) via an IRC channel that has a long topic followed by a certain string, possibly triggering a buffer overflow. | ||||
| CVE-2002-0984 | 1 Light | 1 Light | 2026-04-16 | N/A |
| The IRC script included in Light 2.7.x before 2.7.30p5, and 2.8.x before 2.8pre10, running EPIC allows remote attackers to execute arbitrary code if the user joins a channel whose topic includes EPIC4 code. | ||||