Export limit exceeded: 363673 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363673 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-0567 1 Oracle 3 Database Server, Oracle8i, Oracle9i 2026-04-16 N/A
Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process.
CVE-2002-0568 1 Oracle 3 Application Server, Oracle8i, Oracle9i 2026-04-16 N/A
Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory.
CVE-2002-0569 1 Oracle 1 Application Server 2026-04-16 N/A
Oracle 9i Application Server allows remote attackers to bypass access restrictions for configuration files via a direct request to the XSQL Servlet (XSQLServlet).
CVE-2002-0570 1 Linux 1 Linux Kernel 2026-04-16 N/A
The encrypted loop device in Linux kernel 2.4.10 and earlier does not authenticate the entity that is encrypting data, which allows local users to modify encrypted data without knowing the key.
CVE-2002-0573 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary code via format strings in a message that is not properly provided to the syslog function when the wall command cannot be executed.
CVE-2002-0576 1 Allaire 1 Coldfusion Server 2026-04-16 N/A
ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message.
CVE-2002-0577 1 Hp 1 Hp-ux 2026-04-16 N/A
Vulnerability in passwd for HP-UX 11.00 and 11.11 allows local users to corrupt the password file and cause a denial of service.
CVE-2002-0578 1 Aci 1 4d Webserver 2026-04-16 N/A
Buffer overflow in 4D WebServer 6.7.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP request with Basic Authentication containing a long (1) user name or (2) password.
CVE-2002-0579 1 Workforceroi 1 Xpede 2026-04-16 N/A
WorkforceROI Xpede 4.1 allows remote attackers to gain privileges as an Xpede administrator via a direct HTTP request to the /admin/adminproc.asp script, which does not prompt for a password.
CVE-2002-0580 1 Workforceroi 1 Xpede 2026-04-16 N/A
WorkforceROI Xpede 4.1 allows remote attackers to obtain the database username via a request to datasource.asp, which leaks the username in a form and allows the attacker to more easily conduct brute force password guessing attacks.
CVE-2002-0581 1 Workforceroi 1 Xpede 2026-04-16 N/A
WorkforceROI Xpede 4.1 allows remote attackers to execute arbitrary SQL commands and read, modify, or steal credentials from the database via the Qry parameter in the sprc.asp script.
CVE-2002-0583 1 Workforceroi 1 Xpede 2026-04-16 N/A
WorkforceROI Xpede 4.1 uses a small random namespace (5 alphanumeric characters) for temporary expense claim reports in the /reports/temp directory, which allows remote attackers to read the reports via a brute force attack.
CVE-2002-0584 1 Workforceroi 1 Xpede 2026-04-16 N/A
WorkforceROI Xpede 4.1 allows remote attackers to read user timesheets by modifying the TSN ID parameter to the ts_app_process.asp script, which is easily guessable because it is incremented by 1 for each new timesheet.
CVE-2002-0585 1 Hp 1 Hp-ux 2026-04-16 N/A
Unknown vulnerability in ndd for HP-UX 11.11 with certain TRANSPORT patches allows attackers to cause a denial of service.
CVE-2002-0586 1 Aol 1 Aol Server 2026-04-16 N/A
Format string vulnerability in Ns_PdLog function for the external database driver proxy daemon library (libnspd.a) of AOLServer 3.0 through 3.4.2 allows remote attackers to execute arbitrary code via the Error or Notice parameters.
CVE-2002-0587 1 Aol 1 Aol Server 2026-04-16 N/A
Buffer overflow in Ns_PdLog function for the external database driver proxy daemon library (libnspd.a) of AOLServer 3.0 through 3.4.2 allows remote attackers to cause a denial of service or execute arbitrary code via the Error or Notice parameters.
CVE-2002-0588 1 Steve Korbett 1 Pvote 2026-04-16 N/A
PVote before 1.9 does not authenticate users for restricted operations, which allows remote attackers to add or delete polls by modifying parameters to (1) add.php or (2) del.php.
CVE-2002-0600 2 Kth, Luke Mewburn 2 Kth Kerberos, Lukemftp 2026-04-16 N/A
Heap overflow in the KTH Kerberos 4 FTP client 4-1.1.1 allows remote malicious servers to execute arbitrary code on the client via a long response to a passive (PASV) mode request.
CVE-2002-0601 1 Information Security Systems 1 Realsecure Network Sensor 2026-04-16 N/A
ISS RealSecure Network Sensor 5.x through 6.5 allows remote attackers to cause a denial of service (crash) via malformed DHCP packets that cause RealSecure to dereference a null pointer.
CVE-2002-0602 1 Snapgear 1 Snapgear Lite\+ Firewall 2026-04-16 N/A
Snapgear Lite+ firewall 1.5.4 and 1.5.3 allows remote attackers to cause a denial of service (crash) via a large number of connections to (1) the HTTP web management port, or (2) the PPTP port.