Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-1147 1 Hp 1 Procurve Switch 4000m 2026-04-16 N/A
The HTTP administration interface for HP Procurve 4000M Switch firmware before C.09.16, with stacking features and remote administration enabled, does not authenticate requests to reset the device, which allows remote attackers to cause a denial of service via a direct request to the device_reset CGI program.
CVE-2002-1148 2 Apache, Redhat 3 Tomcat, Rhel Stronghold, Stronghold 2026-04-16 N/A
The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
CVE-2002-1149 1 Invision Power Services 1 Invision Board 2026-04-16 N/A
The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings.
CVE-2002-1150 1 Microsoft 1 Netmeeting 2026-04-16 N/A
The Remote Desktop Sharing (RDS) Screen Saver Protection capability for Microsoft NetMeeting 3.01 through SP2 (4.4.3396) allows attackers with physical access to hijack remote sessions by entering certain logoff or shutdown sequences (such as CTRL-ALT-DEL) and canceling out of the resulting user confirmation prompts, such as when the remote user is editing a document.
CVE-2002-1156 1 Apache 1 Http Server 2026-04-16 N/A
Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
CVE-2002-1225 1 Kth 1 Heimdal 2026-04-16 N/A
Multiple buffer overflows in Heimdal before 0.5, possibly in both the (1) kadmind and (2) kdc servers, may allow remote attackers to gain root access.
CVE-2002-1474 1 Hp 1 Tru64 2026-04-16 N/A
Unknown vulnerability or vulnerabilities in TCP/IP component for HP Tru64 UNIX 4.0f, 4.0g, and 5.0a allows remote attackers to cause a denial of service.
CVE-2002-1503 1 Afd 1 Afd 2026-04-16 N/A
Buffer overflow in Automatic File Distributor (AFD) 1.2.14 and earlier allows local users to gain privileges via a long MON_WORK_DIR environment variable or -w (workdir) argument to (1) afd, (2) afdcmd, (3) afd_ctrl, (4) init_afd, (5) mafd, (6) mon_ctrl, (7) show_olog, or (8) udc.
CVE-2002-1669 1 Freebsd 1 Freebsd 2026-04-16 N/A
pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with world-searchable permissions, which may allow local users to modify world-writable parts of the package during installation.
CVE-2002-1671 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.0, 5.01, and 5.5 allows remote attackers to monitor the contents of the clipboard via the getData method of the clipboardData object.
CVE-2002-1688 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
The browser history feature in Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to execute arbitrary script as other users and steal authentication information via cookies by injecting JavaScript into the URL, which is executed when the user hits the Back button.
CVE-2002-1689 1 Ibm 1 Aix 2026-04-16 N/A
Unknown vulnerability in the login program on AIX before 4.0 could allow remote users to specify 100 or more environment variables when logging on, which exceeds the length of a certain string, possibly triggering a buffer overflow.
CVE-2002-1711 1 Basilix 1 Basilix Webmail 2026-04-16 N/A
BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX directory, which allows local users to read other users' attachments.
CVE-2002-1714 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type "text/html" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion.
CVE-2002-1723 1 Powerboards 1 Powerboards 2026-04-16 N/A
Powerboards 2.2b allows remote attackers to view the full path to the backend database by sending a cookie containing a non-existent username to profiles.php, which displays the full path in the error message.
CVE-2002-1732 1 Actinic 1 Actinic Catalog 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Actinic Catalog 4.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string argument to certain .pl files, (2) the REFPAGE parameter to ca000007.pl, (3) PRODREF parameter to ss000007.pl, or (4) hop parameter to ca000001.pl.
CVE-2002-1741 1 Alt-n 1 Worldclient 2026-04-16 N/A
Directory traversal vulnerability in WorldClient.cgi in WorldClient for Alt-N Technologies MDaemon 5.0.5.0 and earlier allows local users to delete arbitrary files via a ".." (dot dot) in the Attachments parameter.
CVE-2002-2036 1 Sun 1 Ray Server Software 2026-04-16 N/A
Sun Ray Server Software (SRSS) 1.3, when Non-Smartcard Mobility (NSCM) is enabled, allows remote attackers to login as another user by running dtlogin from a system that supports the XDMCP client.
CVE-2002-2039 1 Qnx 1 Rtos 2026-04-16 N/A
/bin/su in QNX realtime operating system (RTOS) 4.25 and 6.1.0 allows local users to obtain sensitive information from core dump files by sending the SIGSERV (invalid memory reference) signal.
CVE-2002-2040 1 Qnx 1 Rtos 2026-04-16 N/A
The (1) phrafx and (2) phgrafx-startup programs in QNX realtime operating system (RTOS) 4.25 and 6.1.0 do not properly drop privileges before executing the system command, which allows local users to execute arbitrary commands by modifying the PATH environment variable to reference a malicious crttrap program.