Export limit exceeded: 344947 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344947 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-1039 | 1 Michael Dean | 1 Double Choco Latte | 2026-04-16 | N/A |
| Directory traversal vulnerability in Double Choco Latte (DCL) before 20020706 allows remote attackers to read arbitrary files via .. (dot dot) sequences when downloading files from the Projects: Attachments feature. | ||||
| CVE-2002-1076 | 1 Ipswitch | 1 Imail | 2026-04-16 | N/A |
| Buffer overflow in the Web Messaging daemon for Ipswitch IMail before 7.12 allows remote attackers to execute arbitrary code via a long HTTP GET request for HTTP/1.0. | ||||
| CVE-2002-1080 | 1 Aprelium Technologies | 1 Abyss Web Server | 2026-04-16 | N/A |
| The Administration console for Abyss Web Server 1.0.3 before Patch 2 allows remote attackers to gain privileges and modify server configuration via direct requests to CHL files such as (1) srvstatus.chl, (2) consport.chl, (3) general.chl, (4) srvparam.chl, and (5) advanced.chl. | ||||
| CVE-2000-0840 | 1 Davide Libenzi | 1 Xmail | 2026-04-16 | N/A |
| Buffer overflow in XMail POP3 server before version 0.59 allows remote attackers to execute arbitrary commands via a long USER command. | ||||
| CVE-2002-1111 | 1 Mantis | 1 Mantis | 2026-04-16 | N/A |
| print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify the limit_reporters option, which allows remote attackers to view bug summaries for bugs that would otherwise be restricted. | ||||
| CVE-2002-1120 | 1 Savant | 1 Savant Web Server | 2026-04-16 | N/A |
| Buffer overflow in Savant Web Server 3.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. | ||||
| CVE-2002-1146 | 2 Gnu, Redhat | 3 Glibc, Enterprise Linux, Linux | 2026-04-16 | N/A |
| The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash). | ||||
| CVE-2002-1154 | 2 Redhat, Stephen Turner | 2 Powertools, Analog | 2026-04-16 | N/A |
| anlgform.pl in Analog before 5.23 does not restrict access to the PROGRESSFREQ progress update command, which allows remote attackers to cause a denial of service (disk consumption) by using the command to report updates more frequently and fill the web server error log. | ||||
| CVE-2002-1187 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource. | ||||
| CVE-2002-1196 | 1 Mozilla | 1 Bugzilla | 2026-04-16 | N/A |
| editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known features of Perl math that set multiple bits. | ||||
| CVE-2002-1216 | 2 Gnu, Redhat | 3 Tar, Enterprise Linux, Linux | 2026-04-16 | N/A |
| GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check. | ||||
| CVE-2002-1217 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions. | ||||
| CVE-2002-1226 | 1 Kth | 1 Heimdal | 2026-04-16 | N/A |
| Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, possibly in the (1) kadmind and (2) kdc servers, may allow remote or local attackers to gain root or other access, but not via buffer overflows (CVE-2002-1225). | ||||
| CVE-2002-1239 | 1 Qnx | 1 Rtos | 2026-04-16 | N/A |
| QNX Neutrino RTOS 6.2.0 uses the PATH environment variable to find and execute the cp program while operating at raised privileges, which allows local users to gain privileges by modifying the PATH to point to a malicious cp program. | ||||
| CVE-2002-1248 | 1 Northern Solutions | 1 Xeneo Web Server | 2026-04-16 | N/A |
| Northern Solutions Xeneo Web Server 2.1.0.0, 2.0.759.6, and other versions before 2.1.5 allows remote attackers to cause a denial of service (crash) via a GET request for a "%" URI. | ||||
| CVE-2002-1254 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-04-16 | N/A |
| Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods." | ||||
| CVE-2002-1257 | 1 Microsoft | 8 Windows 2000, Windows 2000 Terminal Services, Windows 95 and 5 more | 2026-04-16 | N/A |
| Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to execute arbitrary code by including a Java applet that invokes COM (Component Object Model) objects in a web site or an HTML mail. | ||||
| CVE-2002-1265 | 3 Apple, Gnu, Sgi | 4 Mac Os X, Mac Os X Server, Glibc and 1 more | 2026-04-16 | N/A |
| The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang). | ||||
| CVE-2002-1276 | 2 Redhat, Squirrelmail | 2 Linux, Squirrelmail | 2026-04-16 | N/A |
| An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks. | ||||
| CVE-2002-1284 | 1 Kgpg | 1 Kgpg | 2026-04-16 | N/A |
| The wizard in KGPG 0.6 through 0.8.2 does not properly provide the passphrase to gpg when creating new keys, which causes secret keys to be created with an empty passphrase and allows local attackers to steal the keys if they can be read. | ||||