Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.6

    LOW
    CVE-2002-2384

    hotfoon4.exe in Hotfoon 4.00 stores user names and passwords in cleartext in the hotfoon2 registry key, which allows local users to gain access to user accounts and steal phone service.... Read more

    Affected Products : hotfoon
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2375

    Directory traversal vulnerability in CommuniGate Pro 4.0b4 and possibly earlier versions allows remote attackers to list the contents of the WebUser directory and its parent directory via a (1) .. (dot dot) or (2) . (dot) in a URL. NOTE: it is not clear ... Read more

    Affected Products : communigate_pro
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-2417

    acFTP 1.4 does not properly handle when an invalid password is provided by the user during authentication, which allows remote attackers to hide or misrepresent certain activity from log files and possibly gain privileges.... Read more

    Affected Products : acftp
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1730

    ASPjar Guestbook 1.00 allows remote attackers to delete arbitrary messages accessing the delete.asp administrative script with certain cookie values set to "true".... Read more

    Affected Products : aspjar_guestbook
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1932

    Microsoft Windows XP and Windows 2000, when configured to send administrative alerts and the "Do not overwrite events (clear log manually)" option is set, does not notify the administrator when the log reaches its maximum size, which allows local users an... Read more

    Affected Products : windows_2000 windows_xp
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2002-1617

    Multiple buffer overflows in HP Tru64 UNIX 5.x allow local users to execute arbitrary code via (1) a long -contextDir argument to dtaction, (2) a long -p argument to dtprintinfo, (3) a long -customization argument to dxterm, or (4) a long DISPLAY environm... Read more

    Affected Products : tru64
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1934

    Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 2.0.1 leaks sensitive information during boot-up, which allows attackers to obtain the MD5 hash of the Admin password, MD5 hash of the physical password, and other registration information.... Read more

    Affected Products : xpressa
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-2236

    Format string vulnerability in the awp_log function in apt-www-proxy 0.1 allows remote attackers to execute arbitrary code.... Read more

    Affected Products : apt-www-proxy
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2006

    The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.... Read more

    Affected Products : tomcat
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2338

    The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the mes... Read more

    Affected Products : mozilla navigator communicator
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-2345

    Oracle 9i Application Server 9.0.2 stores the web cache administrator interface password in plaintext, which allows remote attackers to gain access.... Read more

    Affected Products : application_server
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2002-2426

    Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other pro... Read more

    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2245

    ftpd in NetBSD 1.5 through 1.5.3 and 1.6 does not properly quote a digit in response to a STAT command for a filename that contains a carriage return followed by a digit, which can cause firewalls and other intermediary devices to lose proper track of the... Read more

    Affected Products : ftpd
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2002-2208

    Extended Interior Gateway Routing Protocol (EIGRP), as implemented in Cisco IOS 11.3 through 12.2 and other products, allows remote attackers to cause a denial of service (flood) by sending a large number of spoofed EIGRP neighbor announcements, which res... Read more

    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2214

    The php_if_imap_mime_header_decode function in the IMAP functionality in PHP before 4.2.2 allows remote attackers to cause a denial of service (crash) via an e-mail header with a long "To" header.... Read more

    Affected Products : enterprise_linux php
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-2381

    Multiple buffer overflows in (1) tetrinet_inmessage, (2) speclist_add and (3) config-getthemeinfo of GTetrinet 0.4.3 and earlier allow remote attackers to casue a denial of service and possibly execute arbitrary code.... Read more

    Affected Products : gtetrinet
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2002-2162

    Cerulean Studios Trillian 0.73 and earlier use weak encrypttion (XOR) for storing user passwords in .ini files in the Trillian directory, which allows local users to gain access to other user accounts.... Read more

    Affected Products : trillian
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2276

    Ultimate PHP Board (UPB) 1.0 allows remote attackers to view the physical path of the message board via a direct request to add.php, which leaks the path in an error message.... Read more

    Affected Products : ultimate_php_board
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2031

    Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled allows remote attackers to determine the existence of arbitrary files via a script tag with a src parameter that references a non-JavaScript file, then using the onError event handler ... Read more

    Affected Products : internet_explorer
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-2280

    syslogd on OpenBSD 2.9 through 3.2 does not change the source IP address of syslog packets when the machine's IP addressed is changed without rebooting, e.g. via ifconfig, which can cause incorrect information to be sent to the syslog server.... Read more

    Affected Products : openbsd
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025
Showing 20 of 292803 Results