Export limit exceeded: 345573 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345573 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-2086 | 1 Squirrelmail | 1 Squirrelmail | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of SquirrelMail before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via (1) "<<script" in unspecified input fields or (2) a javascript: URL in the src attribute of an IMG tag. | ||||
| CVE-2002-2088 | 1 Mosix Project | 1 Clump Os | 2026-04-16 | N/A |
| The MOSIX Project clump/os 5.4 creates a default VNC account without a password, which allows remote attackers to gain root access. | ||||
| CVE-2002-2089 | 1 Sun | 1 Solaris | 2026-04-16 | N/A |
| Buffer overflow in rcp in Solaris 9.0 allows local users to execute arbitrary code via a long command line argument. | ||||
| CVE-2002-2090 | 1 Caucho Technology | 1 Resin | 2026-04-16 | N/A |
| Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers to obtain server's root path via requests for MS-DOS device names such as lpt9.xtp. | ||||
| CVE-2002-2091 | 1 Decfingerd | 1 Decfingerd | 2026-04-16 | N/A |
| Format string vulnerability in Deception Finger Daemon, decfingerd, 0.7 may allow remote attackers to execute arbitrary code via the username of a finger request. | ||||
| CVE-2002-2092 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2026-04-16 | N/A |
| Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid. | ||||
| CVE-2002-2093 | 1 Sgi | 1 Irix | 2026-04-16 | N/A |
| The Video Control Panel on SGI O2/IRIX 6.5, when the Default Input is set to "Output Video", allows attackers to access a console session by running videoout then videoin. | ||||
| CVE-2002-2094 | 1 Joetesta | 1 Hellbent | 2026-04-16 | N/A |
| Joe Testa hellbent 01 allows remote attackers to determine the full path of the web root directory via a GET request with a relative path that includes the root's parent, which generates a 403 error message if the parent is incorrect, but a normal response if the parent is correct. | ||||
| CVE-2002-2095 | 1 Joe Testa | 1 Hellbent | 2026-04-16 | N/A |
| Joe Testa hellbent 01 webserver allows attackers to read files that are specified in the hellbent.prefs file by creating a file with a similar name in the web root, as demonstrated using (1) index.webroot and (2) index.ipallow. | ||||
| CVE-2002-2097 | 1 Maradns | 1 Maradns | 2026-04-16 | N/A |
| The compression code in MaraDNS before 0.9.01 allows remote attackers to cause a denial of service via crafted DNS packets. | ||||
| CVE-2002-2098 | 1 Axspawn | 1 Axspawn | 2026-04-16 | N/A |
| Buffer overflow in axspawn.c in Axspawn-pam before 0.2.1a allows remote attackers to execute arbitrary code via large packets. | ||||
| CVE-2002-2099 | 1 Gnu | 1 Data Display Debugger | 2026-04-16 | N/A |
| Buffer overflow in the GNU DataDisplay Debugger (DDD) 3.3.1 allows local users to execute arbitrary code and possibly gain privileges via a long HOME environment variable. NOTE: since DDD is not installed setuid or setgid, perhaps this issue should not be included in CVE. | ||||
| CVE-2002-2100 | 1 Microsoft | 1 Outlook | 2026-04-16 | N/A |
| Microsoft Outlook 2002 allows remote attackers to embed bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content. | ||||
| CVE-2002-2101 | 1 Microsoft | 1 Outlook | 2026-04-16 | N/A |
| Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag. | ||||
| CVE-2002-2102 | 1 Jcraft | 1 Jzlib | 2026-04-16 | N/A |
| InfBlocks.java in JCraft JZlib before 0.0.7 allow remote attackers to cause a denial of service (NullPointerException) via an invalid block of deflated data. | ||||
| CVE-2002-2103 | 1 Apache | 1 Http Server | 2026-04-16 | N/A |
| Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities. | ||||
| CVE-2002-2104 | 1 Ganglia | 1 Php Rrd Web Client | 2026-04-16 | N/A |
| graph.php in Ganglia PHP RRD Web Client 1.0.2 allows remote attackers to execute arbitrary commands via the command parameter, which is provided to the passthru function. | ||||
| CVE-2002-2107 | 1 Veridis | 1 Openkeyserver | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the lookup script in Veridis OpenKeyServer (OKS) 1.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | ||||
| CVE-2002-2108 | 1 Sony | 1 Vaio Manual Cybersupport | 2026-04-16 | N/A |
| Unknown vulnerability in the "VAIO Manual" software in certain Sony VAIO personal computers sold from November 2001 to January 2002, allows remote attackers to modify data via a web page or HTML e-mail. | ||||
| CVE-2002-2109 | 1 Matt Wright | 1 Formmail | 2026-04-16 | N/A |
| Matt Wright FormMail 1.9 and earlier allows remote attackers to bypass the HTTP_REFERER check and conduct unauthorized activities via (1) a blank referer, (2) a spoofed referer with a trusted domain/URL after the beginning of the referer, or (3) a spoofed referer with a trusted domain/URL in the beginning (hostname) portion of the referer. | ||||