Total
29739 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-0234 | 1 Juniper | 1 Netscreen Screenos | 2025-04-03 | N/A |
| NetScreen ScreenOS before 2.6.1 does not support a maximum number of concurrent sessions for a system, which allows an attacker on the trusted network to cause a denial of service (resource exhaustion) via a port scan to an external network, which consumes all available connections. | ||||
| CVE-2002-0261 | 1 Instantservers Inc. | 1 Miniportal | 2025-04-03 | N/A |
| Directory traversal vulnerability in InstantServers MiniPortal 1.1.5 and earlier allows remote authenticated users to read arbitrary files via a ... (modified dot dot) in the GET command. | ||||
| CVE-2002-0268 | 1 Identix | 1 Biologon | 2025-04-03 | N/A |
| Identix BioLogon 3 allows users with physical access to the system to gain administrative privileges by using CTRL-ALT-DEL and running a "Browse" function, which runs Explorer with SYSTEM privileges. | ||||
| CVE-2002-0286 | 1 Sitenews | 1 Sitenews | 2025-04-03 | N/A |
| The GetPassword function in function.php of SiteNews 0.10 and 0.11 allows remote attackers to gain privileges and add users by providing a non-existent user name and the MD5 checksum for an empty password to add_user.php, which causes GetPassword to produce and compare a blank password for the non-existent user. | ||||
| CVE-2002-0297 | 1 Nombas | 1 Scriptease Webserver | 2025-04-03 | N/A |
| Buffer overflow in ScriptEase MiniWeb Server 0.95 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long URL in an HTTP request. | ||||
| CVE-2002-0299 | 1 Cnet | 1 Catchup | 2025-04-03 | N/A |
| CNet CatchUp before 1.3.1 allows attackers to execute arbitrary code via a .RVP file that creates a file with an arbitrary extension (such as .BAT), which is executed during a scan. | ||||
| CVE-2002-0321 | 1 Yahoo | 1 Messenger | 2025-04-03 | N/A |
| Yahoo! Messenger 5.0 allows remote attackers to spoof other users by modifying the username and using the spoofed username for social engineering or denial of service (flooding) attacks. | ||||
| CVE-2002-0328 | 1 Ikonboard.com | 1 Ikonboard | 2025-04-03 | N/A |
| Cross-site scripting vulnerability in Ikonboard 3.0.1 allows remote attackers to execute arbitrary script as other Ikonboard users and steal cookies via Javascript in an IMG tag. | ||||
| CVE-2002-0446 | 1 Black Tie Project | 1 Black Tie Project | 2025-04-03 | N/A |
| categorie.php3 in Black Tie Project (BTP) 0.4b through 0.5b allows remote attackers to determine the absolute path of the web server via an invalid category ID (cid) parameter, which leaks the pathname in an error message. | ||||
| CVE-2005-2336 | 1 Hiki | 1 Hiki | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via "missing pages" in which the page name is not properly escaped, a different vulnerability than CVE-2005-2803. | ||||
| CVE-2002-0533 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags. | ||||
| CVE-2005-2342 | 1 Rim | 2 Blackberry Enterprise Server, Blackberry Router | 2025-04-03 | N/A |
| Research in Motion (RIM) BlackBerry Router allows remote attackers to cause a denial of service (communication disruption) via crafted Server Routing Protocol (SRP) packets. | ||||
| CVE-2002-0614 | 1 Php-survey | 1 Php-survey | 2025-04-03 | N/A |
| PHP-Survey 20000615 and earlier stores the global.inc file under the web root, which allows remote attackers to obtain sensitive information, including database credentials, if .inc files are not preprocessed by the server. | ||||
| CVE-2002-0615 | 1 Microsoft | 2 Excel, Office | 2025-04-03 | N/A |
| The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well known location on the local file system, allowing attackers to execute HTML scripts in the Local Computer zone, aka "Media Playback Script Invocation". | ||||
| CVE-2002-0616 | 1 Microsoft | 2 Excel, Office | 2025-04-03 | N/A |
| The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability." | ||||
| CVE-2002-0642 | 1 Microsoft | 2 Msde, Sql Server | 2025-04-03 | N/A |
| The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key." | ||||
| CVE-2002-0644 | 1 Microsoft | 2 Data Engine, Sql Server | 2025-04-03 | N/A |
| Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows members of the db_owner and db_ddladmin roles to execute arbitrary code. | ||||
| CVE-2002-0652 | 1 Sgi | 1 Irix | 2025-04-03 | N/A |
| xfsmd for IRIX 6.5 through 6.5.16 allows remote attackers to execute arbitrary code via shell metacharacters that are not properly filtered from several calls to the popen() function, such as export_fs(). | ||||
| CVE-2002-0675 | 1 Pingtel | 1 Xpressa | 2025-04-03 | N/A |
| Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not require administrative privileges to perform a firmware upgrade, which allows unauthorized users to upgrade the phone. | ||||
| CVE-2002-0678 | 7 Caldera, Compaq, Hp and 4 more | 9 Openunix, Unixware, Tru64 and 6 more | 2025-04-03 | N/A |
| CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure. | ||||