Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2002-1407

    TinySSL 1.02 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.... Read more

    Affected Products : tinyssl
    • Published: Apr. 11, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1416

    The POP3 service for WebEasyMail 3.4.2.2 and earlier generates diffferent error messages for valid and invalid usernames during authentication, which makes it easier for remote attackers to conduct brute force attacks.... Read more

    Affected Products : webeasymail
    • Published: Apr. 11, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1422

    admbrowse.php in FUDforum before 2.2.0 allows remote attackers to create or delete files via URL-encoded pathnames in the cur and dest parameters.... Read more

    Affected Products : fudforum
    • Published: Apr. 11, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1423

    tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read arbitrary files via an absolute pathname in the file parameter.... Read more

    Affected Products : fudforum
    • Published: Apr. 11, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1421

    SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote attackers to perform unauthorized database operations via (1) report.php, (2) selmsg.php, and (3) showposts.php.... Read more

    Affected Products : fudforum
    • Published: Apr. 11, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1417

    Directory traversal vulnerability in Novell NetBasic Scripting Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to read arbitrary files via a URL containing a "..%5c" sequence (modified dot-dot), which... Read more

    Affected Products : netware small_business_suite
    • Published: Apr. 11, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1437

    Directory traversal vulnerability in the web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to read arbitrary files via an HTTP request containing "..%5c" (URL-encoded dot-dot backslash) sequences.... Read more

    Affected Products : netware netware
    • Published: Apr. 11, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1412

    Gallery photo album package before 1.3.1 allows local and possibly remote attackers to execute arbitrary code via a modified GALLERY_BASEDIR variable that points to a directory or URL that contains a Trojan horse init.php script.... Read more

    Affected Products : gallery
    • Published: Apr. 11, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1436

    The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary Perl code via an HTTP POST request.... Read more

    Affected Products : netware netware
    • Published: Apr. 11, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-0197

    Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local users to gain privileges via a long ISC_LOCK_ENV environment variable (INTERBASE_LOCK).... Read more

    Affected Products : firebird interbase
    • Published: Apr. 11, 2003
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2002-1439

    Unknown vulnerability related to stack corruption in the TGA daemon for HP-UX 11.04 (VVOS) Virtualvault 4.0, 4.5, and 4.6 may allow attackers to obtain access to system files.... Read more

    Affected Products : virtualvault vvos
    • Published: Apr. 11, 2003
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2002-1434

    Multiple cross-site scripting (XSS) vulnerabilities in the Web mail module of Kerio MailServer 5.0 allow remote attackers to execute HTML script as other users via certain URLs.... Read more

    Affected Products : kerio_mailserver
    • Published: Apr. 11, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-1409

    ptrace on HP-UX 11.00 through 11.11 allows local users to cause a denial of service (data page fault panic) via "an incorrect reference to thread register state."... Read more

    Affected Products : hp-ux
    • Published: Apr. 11, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-1440

    The Gateway GS-400 server has a default root password of "0001n" that can not be changed via the administrative interface, which can allow attackers to gain root privileges.... Read more

    Affected Products : gs-400
    • Published: Apr. 11, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1435

    class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0.8.2, allows remote attackers to execute arbitrary PHP code when the 'allow_url_fopen' setting is enabled via a URL in the config_atkroot parameter that points to the code.... Read more

    Affected Products : achievo
    • Published: Apr. 11, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1429

    Cross-site scripting vulnerability in board.php of endity.com ShoutBOX allows remote attackers to inject arbitrary HTML into the shoutbox page via the site parameter.... Read more

    Affected Products : shoutbox
    • Published: Apr. 11, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2002-1420

    Integer signedness error in select() on OpenBSD 3.1 and earlier allows local users to overwrite arbitrary kernel memory via a negative value for the size parameter, which satisfies the boundary check as a signed integer, but is later used as an unsigned i... Read more

    Affected Products : openbsd openbsd
    • Published: Apr. 11, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1443

    The Google toolbar 1.1.58 and earlier allows remote web sites to monitor a user's input into the toolbar via an "onkeydown" event handler.... Read more

    Affected Products : toolbar
    • Published: Apr. 11, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1427

    The print_html_to_file function in edit.cgi for Easy Homepage Creator 1.0 does not check user credentials, which allows remote attackers to modify home pages of other users.... Read more

    • Published: Apr. 11, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1413

    RCONAG6 for Novell Netware SP2, while running RconJ in secure mode, allows remote attackers to bypass authentication using the RconJ "Secure IP" (SSL) option during a connection.... Read more

    Affected Products : netware netware
    • Published: Apr. 11, 2003
    • Modified: Apr. 03, 2025
Showing 20 of 293611 Results