Export limit exceeded: 359631 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359631 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-1680 | 1 Cows | 1 Cgi Online Worldweb Shopping | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in CGI Online Worldweb Shopping 1.1 (a.k.a. COWS) allows remote attackers to execute arbitrary script as other users by injecting script into (1) diagnose.cgi or (2) compatible.cgi. | ||||
| CVE-2002-1681 | 1 Open Source Development Network | 1 Slashcode | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Slashcode CVS releases June 17 through July 1 2002 allows remote attackers to execute arbitrary script as other users by injecting script into the paragraph <P> tag. | ||||
| CVE-2002-1682 | 1 Daansystems | 1 Newsreactor | 2026-04-16 | 5.5 Medium |
| NewsReactor 1.0 uses a weak encryption scheme, which could allow local users to decrypt the passwords and gain access to other users' newsgroup accounts. | ||||
| CVE-2002-1683 | 1 Working Resources Inc. | 1 Badblue | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in BadBlue Personal Edition 1.7.3 allows remote attackers to execute arbitrary script as other users by injecting script into the cleanSearchString() function. | ||||
| CVE-2002-1685 | 1 Working Resources Inc. | 1 Badblue | 2026-04-16 | N/A |
| Cross-site scripting vulnerability (XSS) in BadBlue Enterprise Edition and Personal Edition 1.7 and 1.7.2 allows remote attackers to execute arbitrary script as other users by injecting script into ext.dll ISAPI. | ||||
| CVE-2002-1691 | 1 Alcatel-lucent | 1 Omnipcx | 2026-04-16 | N/A |
| Alcatel OmniPCX 4400 installs known user accounts and passwords in the /etc/password file by default, which allows remote attackers to gain unauthorized access. | ||||
| CVE-2002-1692 | 1 Microsoft | 1 Windows 95 | 2026-04-16 | N/A |
| Buffer overflow in backup utility of Microsoft Windows 95 allows attackers to execute arbitrary code by causing a filename with a long extension to be placed in a folder to be backed up. | ||||
| CVE-2002-1694 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | N/A |
| Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running. | ||||
| CVE-2002-1705 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to cause a denial of service (crash) via a Cascading Style Sheet (CSS) with the p{cssText} element declared and a bold font weight. | ||||
| CVE-2002-1698 | 1 Microsoft | 1 Msn Messenger | 2026-04-16 | N/A |
| Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via a long FN (font) argument in the message header. | ||||
| CVE-2002-1700 | 2 Macromedia, Microsoft | 3 Coldfusion, Internet Information Services, Windows 2000 | 2026-04-16 | N/A |
| Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message. | ||||
| CVE-2002-1702 | 1 Deltascripts | 1 Php Classifieds | 2026-04-16 | N/A |
| Cross-site scripting vulnerability (XSS) in DeltaScripts PHP Classifieds 6.0.5 allows remote attackers to execute arbitrary script as other users via the URL parameter. | ||||
| CVE-2002-1703 | 1 Mewsoft | 1 Netauction | 2026-04-16 | N/A |
| Cross-site scripting vulnerability (XSS) in auction.cgi for Mewsoft NetAuction 3.0 allows remote attackers to execute arbitrary script as other users via the Term parameter. | ||||
| CVE-2002-1704 | 1 Zeroboard | 1 Zeroboard | 2026-04-16 | N/A |
| Zeroboard 4.1, when the "allow_url_fopen" and "register_globals" variables are enabled, allows remote attackers to execute arbitrary PHP code by modifying the _zb_path parameter to reference a URL on a remote web server that contains the code. | ||||
| CVE-2002-1707 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and "register_globals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_dir parameter to reference a URL on a remote web server that contains the code. | ||||
| CVE-2002-1708 | 1 Basilix | 1 Basilix Webmail | 2026-04-16 | N/A |
| Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 allows remote attackers to execute arbitrary script as other users by injecting script into the (1) subject or (2) message fields. | ||||
| CVE-2002-1709 | 1 Basilix | 1 Basilix Webmail | 2026-04-16 | N/A |
| SQL injection vulnerability in BasiliX Webmail 1.10 allows remote attackers to obtain sensitive information or possibly modify data via the id variable. | ||||
| CVE-2002-1711 | 1 Basilix | 1 Basilix Webmail | 2026-04-16 | N/A |
| BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX directory, which allows local users to read other users' attachments. | ||||
| CVE-2002-1713 | 1 Mandrakesoft | 1 Mandrake Linux | 2026-04-16 | 5.5 Medium |
| The Standard security setting for Mandrake-Security package (msec) in Mandrake 8.2 installs home directories with world-readable permissions, which could allow local users to read other user's files. | ||||
| CVE-2002-1716 | 1 Microsoft | 1 Office | 2026-04-16 | N/A |
| The Host() function in the Microsoft spreadsheet component on Microsoft Office XP allows remote attackers to create arbitrary files using the SaveAs capability. | ||||