Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-0170 2 Redhat, Zope 2 Powertools, Zope 2025-04-03 N/A
Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration.
CVE-2002-0178 2 Gnu, Redhat 3 Sharutils, Enterprise Linux, Linux 2025-04-03 N/A
uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands.
CVE-2002-0181 1 Horde 2 Horde, Imp 2025-04-03 N/A
Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and steal cookies of other IMP/HORDE users via the script parameter.
CVE-2002-0193 1 Microsoft 1 Internet Explorer 2025-04-03 N/A
Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability.
CVE-2002-0203 1 Tarantella 1 Tarantella Enterprise 2025-04-03 N/A
ttawebtop.cgi in Tarantella Enterprise 3.20 on SPARC Solaris and Linux, and 3.1x and 3.0x including 3.11.903, allows remote attackers to view directory contents via an empty pg parameter.
CVE-2002-0204 1 Gnu 1 Chess 2025-04-03 N/A
Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified or used in a networked capacity contrary to its own design as a single-user application, may allow local or remote attackers to execute arbitrary code via a long command.
CVE-2002-0205 1 Plumtree 1 Plumtree Corporate Portal 2025-04-03 N/A
Cross-site scripting (CSS) vulnerability in error.asp for Plumtree Corporate Portal 3.5 through 4.5 allows remote attackers to execute arbitrary script on other clients via the "Description" parameter.
CVE-2002-0212 1 Hosting Controller 1 Hosting Controller 2025-04-03 N/A
The login for Hosting Controller 1.1 through 1.4.1 returns different error messages when a valid or invalid user is provided, which allows remote attackers to determine the existence of valid usernames and makes it easier to conduct a brute force attack.
CVE-2002-0210 1 Tolis Group 1 Bru 2025-04-03 N/A
setlicense for TOLIS Group Backup and Restore Utility (BRU) 17.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/brutest.$$ temporary file.
CVE-2002-0220 1 Phpsmssend 1 Phpsmssend 2025-04-03 N/A
phpsmssend.php in PhpSmsSend 1.0 allows remote attackers to execute arbitrary commands via an SMS message containing shell metacharacters.
CVE-2002-0221 1 Etype 1 Eserv 2025-04-03 N/A
Etype Eserv 2.97 allows remote attackers to cause a denial of service (resource exhaustion) via a large number of PASV commands that consume ports 1024 through 5000, which prevents the server from accepting valid PASV.
CVE-2002-0222 1 Etype 1 Eserv 2025-04-03 N/A
Etype Eserv 2.97 allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command.
CVE-2002-0234 1 Juniper 1 Netscreen Screenos 2025-04-03 N/A
NetScreen ScreenOS before 2.6.1 does not support a maximum number of concurrent sessions for a system, which allows an attacker on the trusted network to cause a denial of service (resource exhaustion) via a port scan to an external network, which consumes all available connections.
CVE-2002-0238 1 Netgear 1 Rt314 2025-04-03 N/A
Cross-site scripting vulnerability in web administration interface for NetGear RT314 and RT311 Gateway Routers allows remote attackers to execute arbitrary script on another client via a URL that contains the script.
CVE-2002-0243 1 Opera Software 1 Opera Web Browser 2025-04-03 N/A
Cross-site scripting vulnerability in Opera 6.0 and earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed.
CVE-2002-0251 1 Licq 1 Licq 2025-04-03 N/A
Buffer overflow in licq 1.0.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string of format string characters such as "%d".
CVE-2002-0247 1 Wliang 1 Wmtv 2025-04-03 N/A
Buffer overflows in wmtv 0.6.5 and earlier may allow local users to gain privileges.
CVE-2002-0249 1 Apache 1 Http Server 2025-04-03 N/A
PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
CVE-2002-0261 1 Instantservers Inc. 1 Miniportal 2025-04-03 N/A
Directory traversal vulnerability in InstantServers MiniPortal 1.1.5 and earlier allows remote authenticated users to read arbitrary files via a ... (modified dot dot) in the GET command.
CVE-2002-0268 1 Identix 1 Biologon 2025-04-03 N/A
Identix BioLogon 3 allows users with physical access to the system to gain administrative privileges by using CTRL-ALT-DEL and running a "Browse" function, which runs Explorer with SYSTEM privileges.