Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2002-1474

    Unknown vulnerability or vulnerabilities in TCP/IP component for HP Tru64 UNIX 4.0f, 4.0g, and 5.0a allows remote attackers to cause a denial of service.... Read more

    Affected Products : tru64
    • Published: Apr. 22, 2003
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2002-1464

    Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool allows remote attackers to insert arbitrary HTML or script via the GPC variable.... Read more

    Affected Products : b2
    • Published: Apr. 22, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1469

    scponly does not properly verify the path when finding the (1) scp or (2) sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs and modifying the PATH variable in $HOME/.ssh/environmen... Read more

    Affected Products : scponly
    • Published: Apr. 22, 2003
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2002-1480

    Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows remote attackers to inject arbitrary HTML or script into guestbook pages, which is executed when the administrator deletes the entry.... Read more

    Affected Products : phpgb
    • Published: Apr. 22, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1467

    Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via (1) an HTTP redirect, (2) a "file://" base in a web document, or (3) a relative URL from a web archive (mht file).... Read more

    Affected Products : flash_player shockwave
    • Published: Apr. 22, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1483

    db4web_c and db4web_c.exe programs in DB4Web 3.4 and 3.6 allow remote attackers to read arbitrary files via an HTTP request whose argument is a filename of the form (1) C: (drive letter), (2) //absolute/path (double-slash), or (3) .. (dot-dot).... Read more

    Affected Products : db4web
    • Published: Apr. 22, 2003
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2002-1479

    Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges.... Read more

    Affected Products : cacti
    • Published: Apr. 22, 2003
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2002-1476

    Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and possibly other operating systems, when called with the LC_ALL category, allows local attackers to execute arbitrary code via a user-controlled locale string that has more than 6 element... Read more

    Affected Products : netbsd
    • Published: Apr. 22, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-1054

    mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.... Read more

    Affected Products : mod_access_referer
    • Published: Apr. 16, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0169

    hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools before 5.55 allows remote attackers to cause a denial of service (CPU consumption) via a request to hpnst.exe that calls itself, which causes an infinite loop.... Read more

    Affected Products : instant_toptools
    • Published: Apr. 11, 2003
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2002-1426

    HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a denial of service (crash) via an SNMP write request containing 85 characters, possibly triggering a buffer overflow.... Read more

    Affected Products : procurve_switch_4000m
    • Published: Apr. 11, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1415

    Format string vulnerability in SMTP service for WebEasyMail 3.4.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in SMTP requests.... Read more

    Affected Products : webeasymail
    • Published: Apr. 11, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1410

    Easy Guestbook CGI programs do not authenticate the administrator, which allows remote attackers to (1) delete entries via direct access of admin.cgi, or (2) reconfigure Guestbook via direct access of config.cgi.... Read more

    • Published: Apr. 11, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0135

    vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP wrappers (tcp_wrappers) but is installed as a standalone service, which inadvertently prevents vsftpd from restricting access as intended.... Read more

    Affected Products : linux
    • Published: Apr. 11, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0134

    Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.... Read more

    Affected Products : http_server
    • Published: Apr. 11, 2003
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2002-1434

    Multiple cross-site scripting (XSS) vulnerabilities in the Web mail module of Kerio MailServer 5.0 allow remote attackers to execute HTML script as other users via certain URLs.... Read more

    Affected Products : kerio_mailserver
    • Published: Apr. 11, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1430

    Unknown vulnerability in Sympoll 1.2 allows remote attackers to read arbitrary files when register_globals is enabled, possibly by modifying certain PHP variables through URL parameters.... Read more

    Affected Products : sympoll
    • Published: Apr. 11, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1427

    The print_html_to_file function in edit.cgi for Easy Homepage Creator 1.0 does not check user credentials, which allows remote attackers to modify home pages of other users.... Read more

    • Published: Apr. 11, 2003
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2002-1414

    Buffer overflow in qmailadmin allows local users to gain privileges via a long QMAILADMIN_TEMPLATEDIR environment variable.... Read more

    Affected Products : qmailadmin
    • Published: Apr. 11, 2003
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2002-1439

    Unknown vulnerability related to stack corruption in the TGA daemon for HP-UX 11.04 (VVOS) Virtualvault 4.0, 4.5, and 4.6 may allow attackers to obtain access to system files.... Read more

    Affected Products : virtualvault vvos
    • Published: Apr. 11, 2003
    • Modified: Apr. 03, 2025
Showing 20 of 293628 Results