Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-1921 1 Oracle 1 Mysql 2026-04-16 N/A
The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database.
CVE-2002-1889 1 Logsurfer 1 Logsurfer 2026-04-16 N/A
Off-by-one buffer overflow in the context_action function in context.c of Logsurfer 1.41 through 1.5a allows remote attackers to cause a denial of service (crash) via a malformed log entry.
CVE-2002-1892 1 Netgear 1 Fvs318 2026-04-16 N/A
NETGEAR FVS318 running firmware 1.1 stores the username and password in a readable format when a backup of the configuration file is made, which allows local users to obtain sensitive information.
CVE-2002-1902 1 Markus Triska 1 Cgiforum 2026-04-16 N/A
CGIForum 1.0 through 1.05 allows remote attackers to cause a denial of service (infinite recursion) by creating a message board post that is a child of an outdated parent.
CVE-2002-1881 1 Macromedia 1 Flash Player 2026-04-16 N/A
Macromedia Flash Player 4.0 r12 through 6.0.47.0 allows remote attackers to cause a denial of service (web browser crash) via malformed content in a Flash Shockwave (.SWF) file, as demonstrated by by ROT13 encoding the body of the file but not the headers.
CVE-2002-1888 1 Commonname 1 Commonname Toolbar 2026-04-16 N/A
CommonName Toolbar 3.5.2.0 sends unqualified domain name requests to the CommonName organization and possibly other web servers for name resolution, which allows those organizations to obtain internal server names.
CVE-2002-1960 1 Cybozu 1 Share360 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Cybozu Share360 1.1 allows remote attackers to inject arbitrary web script or HTML via an HTML link.
CVE-2002-1989 1 Caucho Technology 1 Resin 2026-04-16 N/A
Resin 2.1.1 allows remote attackers to cause a denial of service (thread and connection consumption) via multiple URL requests containing the DOS 'CON' device name and a registered file extension such as .jsp or .xtp.
CVE-2002-2043 1 Cyrus 1 Sasl 2026-04-16 N/A
SQL injection vulnerability in the LDAP and MySQL authentication patch for Cyrus SASL 1.5.24 and 1.5.27 allows remote attackers to execute arbitrary SQL commands and log in as arbitrary POP mail users via the password.
CVE-2002-2048 1 Michael Baumer 1 Pfinger 2026-04-16 N/A
Buffer overflow in PFinger 0.7.8 client allows remote attackers to execute arbitrary code via a long query value passed to the (1) finger program, (2) -l, (3) -d, and (4) -t options. NOTE: if PFinger is not setuid or setgid, then this issue would not cross privilege boundaries and would not be considered a vulnerability.
CVE-2002-2025 1 Ibm 1 Lotus Domino Server 2026-04-16 N/A
Lotus Domino server 5.0.9a and earlier allows remote attackers to cause a denial of service by exhausting the number of working threads via a large number of HTTP requests for (1) an MS-DOS device name and (2) an MS-DOS device name with a large number of characters appended to the device name.
CVE-2002-2061 2 Mozilla, Netscape 2 Mozilla, Navigator 2026-04-16 N/A
Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel.
CVE-2002-2070 1 Accessdata 1 Secureclean 2026-04-16 7.5 High
SecureClean 3 build 2.0 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
CVE-2002-2079 2 Mosix Project, Openmosix Project 2 Mosix, Openmosix 2026-04-16 N/A
mosix-protocol-stack in Multicomputer Operating System for UnIX (MOSIX) 1.5.7 allows remote attackers to cause a denial of service via malformed packets.
CVE-2002-2092 3 Freebsd, Netbsd, Openbsd 3 Freebsd, Netbsd, Openbsd 2026-04-16 N/A
Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid.
CVE-2002-2133 1 Telindus 1 1120 Adsl Router 2026-04-16 N/A
Telindus 1100 ASDL router running firmware 6.0.x uses weak encryption for UDP session traffic, which allows remote attackers to gain unauthorized access by sniffing and decrypting the administrative password.
CVE-2002-2152 1 Software602 1 602pro Lan Suite 2026-04-16 N/A
The Czech edition of Software602's Web Server before 2002.0.02.0916 allows remote attackers to gain administrator privileges via direct HTTP requests to the /admin/ directory, which is not password protected.
CVE-2002-2153 1 Oracle 1 Application Server 2026-04-16 N/A
Format string vulnerability in the administrative pages of the PL/SQL module for Oracle Application Server 4.0.8 and 4.0.8 2 allows remote attackers to execute arbitrary code.
CVE-2002-2154 1 Monkey-project 1 Monkey 2026-04-16 N/A
Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences.
CVE-2002-2162 1 Cerulean Studios 1 Trillian 2026-04-16 N/A
Cerulean Studios Trillian 0.73 and earlier use weak encrypttion (XOR) for storing user passwords in .ini files in the Trillian directory, which allows local users to gain access to other user accounts.