Latest CVE Feed
-
7.8
HIGHCVE-2002-2309
php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.... Read more
Affected Products : php- EPSS Score: %4.18
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2002-2275
Fortres 101 4.1 allows local users to bypass Fortres by pressing the Windows and "F" key together for 30 seconds, which opens multiple windows and eventually causes explorer.exe to crash, which then opens an unrestricted explorer.exe.... Read more
Affected Products : fortres- EPSS Score: %0.06
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
4.6
MEDIUMCVE-2002-2293
Webshots Desktop screensaver allows local users to bypass the password on the screensaver by pressing CTRL-ALT-DELETE and (1) hitting the cancel button or (2) killing the screensaver from the task manager.... Read more
Affected Products : webshots_desktop- EPSS Score: %0.06
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2002-2295
Buffer overflow in Pico Server (pServ) 2.0 beta 1 through beta 5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a 1024-byte TCP stream message, which triggers an off-by-one buffer overflow, or (2) ... Read more
Affected Products : pico_server- EPSS Score: %23.07
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
7.8
HIGHCVE-2002-2303
3D3.Com ShopFactory 5.8 uses client-side encryption and decryption for sensitive price data, which allows remote attackers to modify shopping cart prices by using the Javascript to decrypt the cookie that contains the data.... Read more
Affected Products : shopfactory- EPSS Score: %0.20
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2002-2304
SQL injection vulnerability in admin/auth/checksession.php in MyPHPLinks 2.1.9 and 2.2.0 allows remote attackers to execute arbitrary SQL commands via the idsession parameter.... Read more
Affected Products : myphplinks- EPSS Score: %0.27
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
6.8
MEDIUMCVE-2002-2298
PHP remote file inclusion vulnerability in config.php in Thatware 0.3 through 0.5.3 allows remote attackers to execute arbitrary PHP code via the root_path parameter.... Read more
Affected Products : thatware- EPSS Score: %1.16
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2002-1802
Cross-site scripting (XSS) vulnerability in Xoops 1.0 RC3 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag when submitting news.... Read more
Affected Products : xoops- EPSS Score: %0.65
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2002-2181
SonicWall Content Filtering allows local users to access prohibited web sites via requests to the web site's IP address instead of the domain name.... Read more
Affected Products : content_filtering- EPSS Score: %0.34
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
7.2
HIGHCVE-2002-1898
Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a telnet:// link, which is executed by Terminal.app window.... Read more
- EPSS Score: %5.93
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2002-2017
sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd.... Read more
- EPSS Score: %0.82
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2002-1949
The Network Attached Storage (NAS) Administration Web Page for Iomega NAS A300U transmits passwords in cleartext, which allows remote attackers to sniff the administrative password.... Read more
- EPSS Score: %0.33
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2002-1775
NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus (NAV) 2002 allows remote attackers to bypass the initial virus scan and cause NAV to prematurely stop scanning by using a non-RFC compliant MIME header. NOTE: the vendor has disp... Read more
Affected Products : norton_antivirus- EPSS Score: %0.53
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2002-2025
Lotus Domino server 5.0.9a and earlier allows remote attackers to cause a denial of service by exhausting the number of working threads via a large number of HTTP requests for (1) an MS-DOS device name and (2) an MS-DOS device name with a large number of ... Read more
Affected Products : lotus_domino_server- EPSS Score: %1.43
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2002-2026
Buffer overflow in BrowseFTP 1.62 client allows remote FTP servers to execute arbitrary code via a long FTP "220" message reply.... Read more
Affected Products : browseftp_client- EPSS Score: %5.01
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2002-2031
Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled allows remote attackers to determine the existence of arbitrary files via a script tag with a src parameter that references a non-JavaScript file, then using the onError event handler ... Read more
Affected Products : internet_explorer- EPSS Score: %28.99
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2002-1758
PHProjekt 2.0 through 3.1 allows remote attackers to view or modify data via requests to certain scripts that do not verify if the user is logged in.... Read more
Affected Products : phprojekt- EPSS Score: %0.38
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2002-2044
Cross-site scripting (XSS) vulnerability in x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to the phpinfo action.... Read more
Affected Products : x-stat- EPSS Score: %0.61
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2002-2109
Matt Wright FormMail 1.9 and earlier allows remote attackers to bypass the HTTP_REFERER check and conduct unauthorized activities via (1) a blank referer, (2) a spoofed referer with a trusted domain/URL after the beginning of the referer, or (3) a spoofed... Read more
Affected Products : formmail- EPSS Score: %0.43
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2002-2330
Cross-site scripting (XSS) vulnerability in stat.pl in StatsPlus 1.25 allows remote attackers to inject arbitrary web script or HTML via (1) HTTP_USER_AGENT or (2) HTTP_REFERER, which is written to stats.html and executed in client browsers.... Read more
Affected Products : statsplus- EPSS Score: %0.36
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025