Export limit exceeded: 364785 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364785 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364785 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-0386 | 1 Oracle | 1 Application Server | 2026-04-16 | N/A |
| The administration module for Oracle Web Cache in Oracle9iAS (9i Application Suite) 9.0.2 allows remote attackers to cause a denial of service (crash) via (1) an HTTP GET request containing a ".." (dot dot) sequence, or (2) a malformed HTTP GET request with a chunked Transfer-Encoding with missing data. | ||||
| CVE-2002-0387 | 1 Sun | 1 One Application Server | 2026-04-16 | N/A |
| Buffer overflow in gxnsapi6.dll NSAPI plugin of the Connector Module for Sun ONE Application Server before 6.5 allows remote attackers to execute arbitrary code via a long HTTP request URL. | ||||
| CVE-2002-0389 | 2 Gnu, Redhat | 2 Mailman, Enterprise Linux | 2026-04-16 | N/A |
| Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives. | ||||
| CVE-2002-1880 | 1 Lokwa | 1 Lokwabb | 2026-04-16 | N/A |
| LokwaBB 1.2.2 allows remote attackers to read arbitrary messages by modifying the pmid parameter to pm.php. | ||||
| CVE-2002-0393 | 1 Red-m | 1 1050ap Lan Acess Point | 2026-04-16 | N/A |
| Buffer overflow in Red-M 1050 (Bluetooth Access Point) management web interface allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long administration password. | ||||
| CVE-2002-0394 | 1 Red-m | 1 1050ap Lan Acess Point | 2026-04-16 | N/A |
| Red-M 1050 (Bluetooth Access Point) uses case insensitive passwords, which makes it easier for attackers to conduct a brute force guessing attack due to the smaller space of possible passwords. | ||||
| CVE-2002-0395 | 1 Red-m | 1 1050ap Lan Acess Point | 2026-04-16 | N/A |
| The TFTP server for Red-M 1050 (Bluetooth Access Point) can not be disabled and makes it easier for remote attackers to crack the administration password via brute force methods. | ||||
| CVE-2002-0396 | 1 Red-m | 1 1050ap Lan Acess Point | 2026-04-16 | N/A |
| The web management server for Red-M 1050 (Bluetooth Access Point) does not use session-based credentials to authenticate users, which allows attackers to connect to the server from the same IP address as a user who has already established a session. | ||||
| CVE-2002-0397 | 1 Red-m | 1 1050ap Lan Acess Point | 2026-04-16 | N/A |
| Red-M 1050 (Bluetooth Access Point) publicizes its name, IP address, and other information in UDP packets to a broadcast address, which allows any system on the network to obtain potentially sensitive information about the Access Point device by monitoring UDP port 8887. | ||||
| CVE-2002-0408 | 1 Lotus | 1 Domino | 2026-04-16 | N/A |
| htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configured with the NoBanner setting, allows remote attackers to determine the version number of the server via a request that generates an HTTP 500 error code, which leaks the version in a hard-coded error message. | ||||
| CVE-2002-0409 | 1 Microsoft | 1 .net Framework | 2026-04-16 | N/A |
| orderdetails.aspx, as made available to Microsoft .NET developers as example code and demonstrated on www.ibuyspystore.com, allows remote attackers to view the orders of other users by modifying the OrderID parameter. | ||||
| CVE-2002-0410 | 1 Aeromail | 1 Aeromail | 2026-04-16 | N/A |
| send_message.php in AeroMail before 1.45 allows remote attackers to read arbitrary files on the server, instead of just uploaded files, via an attachment that modifies the filename to be uploaded. | ||||
| CVE-2002-0411 | 1 Aeromail | 1 Aeromail | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in message.php for AeroMail before 1.45 allows remote attackers to execute Javascript as an AeroMail user via an email message with the script in the Subject line. | ||||
| CVE-2002-0412 | 1 Luca Deri | 1 Ntop | 2026-04-16 | N/A |
| Format string vulnerability in TraceEvent function for ntop before 2.1 allows remote attackers to execute arbitrary code by causing format strings to be injected into calls to the syslog function, via (1) an HTTP GET request, (2) a user name in HTTP authentication, or (3) a password in HTTP authentication. | ||||
| CVE-2002-0413 | 1 Rebb | 1 Rebb | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in ReBB allows remote attackers to execute arbitrary Javascript and steal cookies via an IMG tag whose URL includes the malicious script. | ||||
| CVE-2002-0414 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2026-04-16 | N/A |
| KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems, does not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to forward forged IPv4 packets. | ||||
| CVE-2002-0415 | 1 Realnetworks | 1 Realplayer | 2026-04-16 | N/A |
| Directory traversal vulnerability in the web server used in RealPlayer 6.0.7, and possibly other versions, may allow local users to read files that are accessible to RealPlayer via a .. (dot dot) in an HTTP GET request to port 1275. | ||||
| CVE-2002-0416 | 1 Sh39 | 1 Mailserver | 2026-04-16 | N/A |
| Buffer overflow in SH39 MailServer 1.21 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long command to the SMTP port. | ||||
| CVE-2002-0417 | 1 Endymion | 1 Mailman Webmail | 2026-04-16 | N/A |
| Directory traversal vulnerability in Endymion MailMan before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the ALTERNATE_TEMPLATES parameter for various mmstdo*.cgi programs. | ||||
| CVE-2002-0418 | 1 Endymion | 1 Sake Mail | 2026-04-16 | N/A |
| Directory traversal vulnerability in the com.endymion.sake.servlet.mail.MailServlet servlet for Endymion SakeMail 1.0.36 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the param_name parameter. | ||||