Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-1113 1 Mantis 1 Mantis 2026-04-16 N/A
summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the g_jpgraph_path parameter to reference the location of the PHP code.
CVE-2002-1114 1 Mantis 1 Mantis 2026-04-16 N/A
config_inc2.php in Mantis before 0.17.4 allows remote attackers to execute arbitrary code or read arbitrary files via the parameters (1) g_bottom_include_page, (2) g_top_include_page, (3) g_css_include_file, (4) g_meta_include_file, or (5) a cookie.
CVE-2002-1115 1 Mantis 1 Mantis 2026-04-16 N/A
Mantis 0.17.4a and earlier allows remote attackers to view private bugs by modifying the f_id bug ID parameter to (1) bug_update_advanced_page.php, (2) bug_update_page.php, (3) view_bug_advanced_page.php, or (4) view_bug_page.php.
CVE-2002-1116 1 Mantis 1 Mantis 2026-04-16 N/A
The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and earlier includes summaries of private bugs for users that do not have access to any projects.
CVE-2002-1117 1 Symantec Veritas 1 Backup Exec 2026-04-16 N/A
Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.
CVE-2002-1118 1 Oracle 2 Oracle8i, Oracle9i 2026-04-16 N/A
TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command.
CVE-2002-1119 2 Python, Redhat 3 Python, Enterprise Linux, Linux 2026-04-16 N/A
os._execvpe from os.py in Python 2.2.1 and earlier creates temporary files with predictable names, which could allow local users to execute arbitrary code via a symlink attack.
CVE-2002-1128 1 Digital 2 Osf 1, Ultrix 2026-04-16 N/A
Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows local users to execute arbitrary code via a long MH environment variable.
CVE-2002-1129 2 Compaq, Digital 2 Tru64, Osf 1 2026-04-16 N/A
Buffer overflow in dxterm allows local users to execute arbitrary code via a long -xrm argument.
CVE-2002-1132 2 Redhat, Squirrelmail 2 Linux, Squirrelmail 2026-04-16 N/A
SquirrelMail 1.2.7 and earlier allows remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script.
CVE-2002-1133 1 Funsoft 1 Dinos Webserver 2026-04-16 N/A
Encoded directory traversal vulnerability in Dino's web server 2.1 allows remote attackers to read arbitrary files via ".." (dot dot) sequences with URL-encoded (1) "/" (%2f") or (2) "\" (%5c) characters.
CVE-2002-1134 1 Hp 1 Webes Service Tools 2026-04-16 N/A
Unknown vulnerability in Compaq WEBES Service Tools 2.0 through WEBES 4.0 (Service Pack 5) allows local users to read privileged files.
CVE-2002-1135 1 Phpwebsite 1 Phpwebsite 2026-04-16 N/A
modsecurity.php 1.10 and earlier, in phpWebSite 0.8.2 and earlier, allows remote attackers to execute arbitrary PHP source code via an inc_prefix parameter that points to the malicious code.
CVE-2002-1177 1 Nullsoft 1 Winamp 2026-04-16 N/A
Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the Media Library window, allows remote attackers to execute arbitrary code via an MP3 file containing a long (1) Artist or (2) Album ID3v2 tag.
CVE-2002-1139 1 Microsoft 3 Windows 98 Plus Pack, Windows Me, Windows Xp 2026-04-16 N/A
The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP does not properly check the destination folder during the decompression of ZIP files, which allows attackers to place an executable file in a known location on a user's system, aka "Incorrect Target Path for Zipped File Decompression."
CVE-2002-1140 1 Microsoft 1 Services 2026-04-16 N/A
The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service (service hang) via malformed packet fragments, aka "Improper parameter size check leading to denial of service."
CVE-2002-1141 1 Microsoft 1 Services 2026-04-16 N/A
An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service via malformed fragmented RPC client packets, aka "Denial of service by sending an invalid RPC request."
CVE-2002-1142 1 Microsoft 3 Data Access Components, Ie, Internet Explorer 2026-04-16 N/A
Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
CVE-2002-1143 1 Microsoft 2 Excel, Word 2026-04-16 N/A
Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure."
CVE-2002-1178 1 Jetty 1 Jetty Http Server 2026-04-16 N/A
Directory traversal vulnerability in the CGIServlet for Jetty HTTP server before 4.1.0 allows remote attackers to execute arbitrary commands via ..\ (dot-dot backslash) sequences in an HTTP request to the cgi-bin directory.