Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-2090 1 Caucho Technology 1 Resin 2026-04-16 N/A
Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers to obtain server's root path via requests for MS-DOS device names such as lpt9.xtp.
CVE-2002-2023 1 Yamaguchi 1 Shingo Beep2 2026-04-16 N/A
The get_parameter_from_freqency_source function in beep2 1.0, 1.1 and 1.2, when installed setuid root, allows local users to read arbitrary files via unknown attack vectors.
CVE-2002-2019 1 Oscommerce 1 Oscommerce 2026-04-16 N/A
PHP remote file inclusion vulnerability in include_once.php in osCommerce (a.k.a. Exchange Project) 2.1 allows remote attackers to execute arbitrary PHP code via the include_file parameter.
CVE-2002-2020 1 Netgear 1 Rp114 2026-04-16 N/A
Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26 uses a default administrator password and accepts admin logins on the external interface, which allows remote attackers to gain privileges if the password is not changed.
CVE-2002-2029 1 Apache 1 Http Server 2026-04-16 N/A
PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
CVE-2002-2030 1 Sqldata 1 Sqldata Enterprise Server 2026-04-16 N/A
Stack-based buffer overflow in SQLData Enterprise Server 3.0 allows remote attacker to execute arbitrary code and cause a denial of service via a long HTTP request.
CVE-2002-2031 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled allows remote attackers to determine the existence of arbitrary files via a script tag with a src parameter that references a non-JavaScript file, then using the onError event handler to monitor the results.
CVE-2002-2033 1 Faqmanager 1 Faqmanager.cgi 2026-04-16 N/A
faqmanager.cgi in FAQManager 2.2.5 and earlier allows remote attackers to read arbitrary files by specifying the filename in the toc parameter with a trailing null character (%00).
CVE-2002-2091 1 Decfingerd 1 Decfingerd 2026-04-16 N/A
Format string vulnerability in Deception Finger Daemon, decfingerd, 0.7 may allow remote attackers to execute arbitrary code via the username of a finger request.
CVE-2002-2032 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to debugging features, which allows remote attackers to gain SQL query information by setting the sql_debug parameter to (1) index.php and (2) modules.php.
CVE-2002-2049 1 Dug Song 3 Dsniff, Fragroute, Fragrouter 2026-04-16 N/A
configure for Dsniff 2.3, fragroute 1.2, and fragrouter 1.6, when downloaded from monkey.org on May 17, 2002, has been modified to contain a backdoor, which allows remote attackers to access the system.
CVE-2002-2050 1 Modlogan 1 Modlogan 2026-04-16 N/A
Directory traversal vulnerability in processor_web plugin for ModLogAn 0.5.0 through 0.7.11, when used with the splitby option, allows local users to overwrite arbitrary files via a .. (dot dot) in the hostname of a log entry.
CVE-2002-2102 1 Jcraft 1 Jzlib 2026-04-16 N/A
InfBlocks.java in JCraft JZlib before 0.0.7 allow remote attackers to cause a denial of service (NullPointerException) via an invalid block of deflated data.
CVE-2002-2058 1 Teekai 1 Tracking Online 2026-04-16 7.5 High
TeeKai Tracking Online 1.0 uses weak encryption of web usage statistics in data/userlog/log.txt, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'.
CVE-2002-2056 1 Teekai 1 Teekai Forum 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in TeeKai Forum 1.2 allows remote attackers to inject arbitrary web script or HTML via the valid_username_online cookie.
CVE-2002-2068 1 Tolvanen 1 Eraser 2026-04-16 7.5 High
Eraser 5.3 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
CVE-2002-2072 1 Sun 1 Jre 2026-04-16 N/A
java.security.AccessController in Sun Java Virtual Machine (JVM) in JRE 1.2.2 and 1.3.1 allows remote attackers to cause a denial of service (JVM crash) via a Java program that calls the doPrivileged method with a null argument.
CVE-2002-2074 1 Erwin Lansing 1 Mailidx 2026-04-16 N/A
SQL injection vulnerability in Mailidx before 20020105 allows remote attackers to execute arbitrary SQL commands via the search web page.
CVE-2002-2075 1 Mirabilis 1 Icq 2026-04-16 N/A
ICQ 2001a and 2002b allows remote attackers to cause a denial of service (memory consumption and hang) via a contact message with a large contacts number.
CVE-2002-2113 1 Agh 1 Htmlsearch 2026-04-16 N/A
search.cgi in AGH HTMLsearch 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the template parameter.