Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-1856 1 Hp 1 Application Server 2026-04-16 N/A
HP Application Server 8.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
CVE-2002-1857 1 Jo 1 Jo Webserver 2026-04-16 N/A
jo! jo Webserver 1.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
CVE-2002-1859 1 Orionserver 1 Orion Application Server 2026-04-16 N/A
Orion Application Server 1.5.3, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
CVE-2002-1860 1 Pramati 1 Pramati Server 2026-04-16 N/A
Pramati Server 3.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
CVE-2002-1861 1 Sybase 1 Easerver 2026-04-16 N/A
Sybase Enterprise Application Server 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
CVE-2002-1862 1 Virtualzone 1 Smartmail Server 2026-04-16 N/A
SmartMail Server 2.0 allows remote attackers to cause a denial of service (crash) by sending data and closing the connection before all the data has been sent.
CVE-2002-1864 1 Sws 1 Sws Simple Web Server 2026-04-16 N/A
Directory traversal vulnerability in Simple Web Server (SWS) 0.0.4 through 0.1.0 allows remote attackers to read arbitrary files via a ".." (dot dot) in an HTTP request.
CVE-2002-1868 1 Daniel Stenberg 1 Dispair 2026-04-16 N/A
Dispair 0.1 and 0.2 allows remote attackers to execute arbitrary shell commands via certain form fields.
CVE-2002-1871 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid root if the pkgmap file contains a "?" (question mark) in the (1) mode, (2) owner, or (3) group fields, which allows attackers to elevate privileges.
CVE-2002-1878 1 W-agora 1 W-agora 2026-04-16 N/A
PHP remote file inclusion vulnerability in w-Agora 4.1.3 allows remote attackers to execute arbitrary PHP code via the inc_dir parameter.
CVE-2002-1879 1 Lokwa 1 Lokwabb 2026-04-16 N/A
SQL injection vulnerability in LokwaBB 1.2.2 allows remote attackers to execute arbitrary SQL commands via the (1) member parameter to member.php or (2) loser parameter to misc.php.
CVE-2002-1881 1 Macromedia 1 Flash Player 2026-04-16 N/A
Macromedia Flash Player 4.0 r12 through 6.0.47.0 allows remote attackers to cause a denial of service (web browser crash) via malformed content in a Flash Shockwave (.SWF) file, as demonstrated by by ROT13 encoding the body of the file but not the headers.
CVE-2002-1883 1 Trolltech 1 Qt Assistant 2026-04-16 N/A
Trolltech Qt Assistant 1.0 in Trolltech Qt 3.0.3, when loaded from the Designer, opens port 7358 for interprocess communication, which allows remote attackers to open arbitrary HTML pages and cause a denial of service.
CVE-2002-1884 1 Py-membres 1 Py-membres 2026-04-16 N/A
index.php in Py-Membres 3.1 allows remote attackers to log in as an administrator by setting the pymembs parameter to "admin".
CVE-2002-1885 1 Powerphlogger 1 Powerphlogger 2026-04-16 N/A
PHP remote file inclusion vulnerability in showhits.php3 for PowerPhlogger (PPhlogger) 2.0.9 through 2.2.2 allows remote attackers to execute arbitrary PHP code via the rel_path parameter.
CVE-2002-1886 1 Tightauction 1 Tightauction 2026-04-16 N/A
TightAuction 3.0 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain the database username and password.
CVE-2002-1887 1 Gregory Kokanosky 1 Phpmynewsletter 2026-04-16 N/A
PHP remote file inclusion vulnerability in customize.php for phpMyNewsletter 0.6.10 allows remote attackers to execute arbitrary PHP code via the l parameter.
CVE-2002-1888 1 Commonname 1 Commonname Toolbar 2026-04-16 N/A
CommonName Toolbar 3.5.2.0 sends unqualified domain name requests to the CommonName organization and possibly other web servers for name resolution, which allows those organizations to obtain internal server names.
CVE-2002-1893 1 Argosoft 1 Argosoft Mail Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in ArGoSoft Mail Server Pro 1.8.1.9 allows remote attackers to inject arbitrary web script or HTML via the e-mail message.
CVE-2002-1894 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter.