Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-0487 1 Workforceroi 1 Xpede 2026-04-16 N/A
Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading the password from the source file, e.g. from the browser's cache.
CVE-2002-0488 1 Linux Directory Penguin 1 Linux Directory Penguin Traceroute 2026-04-16 N/A
Linux Directory Penguin traceroute.pl CGI script 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the host parameter.
CVE-2002-0489 1 Linux Directory Penguin 1 Nslookup 2026-04-16 N/A
Linux Directory Penguin NsLookup CGI script (nslookup.pl) 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the (1) query or (2) type parameters.
CVE-2002-0490 1 Instant Web Mail 1 Instant Web Mail 2026-04-16 N/A
Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php.
CVE-2004-0698 1 4d 1 Webstar 2026-04-16 N/A
4D WebSTAR 5.3.2 and earlier allows local users to read and modify arbitrary files via a symlink attack.
CVE-2002-0492 1 Dcscripts 1 Dcshop 2026-04-16 N/A
dcshop.cgi in DCShop 1.002 Beta allows remote attackers to delete arbitrary setup files via a null character in the database parameter.
CVE-2002-0494 1 Websight Directory System 1 Websight Directory System 2026-04-16 N/A
Cross-site scripting vulnerability in WebSight Directory System 0.1 allows remote attackers to execute arbitrary Javascript and gain access to the WebSight administrator via a new link submission containing the script in a website name.
CVE-2002-0496 1 Southwest 1 Southwest 2026-04-16 N/A
The HTTP server for SouthWest Talker server 1.0.0 allows remote attackers to cause a denial of service (server crash) via a malformed URL to port 5002.
CVE-2002-0497 1 Mtr 1 Mtr 2026-04-16 N/A
Buffer overflow in mtr 0.46 and earlier, when installed setuid root, allows local users to access a raw socket via a long MTR_OPTIONS environment variable.
CVE-2002-0498 1 Etnus 1 Totalview 2026-04-16 N/A
Etnus TotalView 5.0.0-4 installs certain files with UID 5039 and GID 59, which could allow local users with that UID or GID to modify the files and gain privileges as other TotalView users.
CVE-2002-0499 1 Linux 1 Linux Kernel 2026-04-16 N/A
The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and earlier, truncates long pathnames without generating an error, which could allow local users to force programs to perform inappropriate operations on the wrong directories.
CVE-2002-0501 1 Posadis 1 Posadis 2026-04-16 N/A
Format string vulnerability in log_print() function of Posadis DNS server before version m5pre2 allows local users and possibly remote attackers to execute arbitrary code via format strings that are inserted into logging messages.
CVE-2002-0502 1 Citrix 1 Nfuse 2026-04-16 N/A
Citrix NFuse 1.6 may allow remote attackers to list applications without authentication by accessing the applist.asp page.
CVE-2002-0503 1 Citrix 1 Nfuse 2026-04-16 N/A
Directory traversal vulnerability in boilerplate.asp for Citrix NFuse 1.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the NFuse_Template parameter.
CVE-2002-0504 1 Citrix 1 Nfuse 2026-04-16 N/A
Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier does not quote results from the getLastError method, which allows remote attackers to execute script in other clients via the NFuse_Application parameter to (1) launch.jsp or (2) launch.asp.
CVE-2002-0505 1 Cisco 1 Call Manager 2026-04-16 N/A
Memory leak in the Call Telephony Integration (CTI) Framework authentication for Cisco CallManager 3.0 and 3.1 before 3.1(3) allows remote attackers to cause a denial of service (crash and reload) via a series of authentication failures, e.g. via incorrect passwords.
CVE-2002-0506 1 Redhat 1 Linux 2026-04-16 N/A
Buffer overflow in newt.c of newt windowing library (libnewt) 0.50.33 and earlier may allow attackers to cause a denial of service or execute arbitrary code in setuid programs that use libnewt.
CVE-2002-0508 1 Wwwisis 1 Wwwisis 2026-04-16 N/A
wwwisis 3.45 and earlier allows remote attackers to execute arbitrary commands and read files via the parameters (1) prolog or (2) epilog.
CVE-2002-0512 1 Caldera 2 Openlinux Server, Openlinux Workstation 2026-04-16 N/A
startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the LD_LIBRARY_PATH environment variable to include the current working directory, which could allow local users to gain privileges of other users running startkde via Trojan horse libraries.
CVE-2002-0516 1 Squirrelmail 1 Squirrelmail 2026-04-16 N/A
SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie.