Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2002-1499

    Multiple SQL injection vulnerabilities in FactoSystem CMS allows remote attackers to perform unauthorized database actions via (1) the authornumber parameter in author.asp, (2) the discussblurbid parameter in discuss.asp, (3) the name parameter in holdcom... Read more

    Affected Products : factosystem_weblog
    • Published: Apr. 02, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1501

    The MPS functionality in Enterasys SSR8000 (Smart Switch Router) before firmware 8.3.0.10 allows remote attackers to cause a denial of service (crash) via multiple port scans to ports 15077 and 15078.... Read more

    Affected Products : smartswitch_ssr8000
    • Published: Apr. 02, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2002-1495

    Cross-site scripting (XSS) vulnerability in JAWmail 1.0-rc1 allows remote attackers to insert arbitrary script or HTML via (1) attached file names in the Read Mail feature, (2) text/html mails that are displayed in a pop-up window, and (3) certain malicio... Read more

    Affected Products : jawmail
    • Published: Apr. 02, 2003
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2003-0141

    The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed d... Read more

    • Published: Apr. 02, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0082

    The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (ak... Read more

    Affected Products : kerberos_5 kerberos
    • Published: Apr. 02, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2002-1500

    Buffer overflow in (1) mrinfo, (2) mtrace, and (3) pppd in NetBSD 1.4.x through 1.6 allows local users to gain privileges by executing the programs after filling the file descriptor tables, which produces file descriptors larger than FD_SETSIZE, which are... Read more

    Affected Products : netbsd
    • Published: Apr. 02, 2003
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2002-1513

    The UCX POP server in HP TCP/IP services for OpenVMS 4.2 through 5.3 allows local users to truncate arbitrary files via the -logfile command line option, which overrides file system permissions because the server runs with the SYSPRV and BYPASS privileges... Read more

    Affected Products : tcp-ip_services
    • Published: Apr. 02, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0179

    Buffer overflow in the COM Object Control Handler for Lotus Domino 6.0.1 and earlier allows remote attackers to execute arbitrary code via multiple attack vectors, as demonstrated using the InitializeUsingNotesUserName method in the iNotes ActiveX control... Read more

    • Published: Apr. 02, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1504

    Directory traversal vulnerability in WebServer 4 Everyone 1.22 allows remote attackers to read arbitrary files via "..\" (dot-dot backslash) sequences in a URL.... Read more

    Affected Products : webserver_4_everyone
    • Published: Apr. 02, 2003
    • Modified: Apr. 03, 2025

  • 6.2

    MEDIUM
    CVE-2002-1512

    xbru in BRU Workstation 17.0 allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the xbru_dscheck.dd temporary file.... Read more

    Affected Products : bru
    • Published: Apr. 02, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2002-1493

    Cross-site scripting (XSS) vulnerability in Lycos HTMLGear guestbook allows remote attackers to inject arbitrary script via (1) STYLE attributes or (2) SRC attributes in an IMG tag.... Read more

    Affected Products : htmlgear_guestgear
    • Published: Apr. 02, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0152

    Unknown vulnerability in bonsai Mozilla CVS query tool allows remote attackers to execute arbitrary commands as the www-data user.... Read more

    Affected Products : bonsai
    • Published: Apr. 02, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0162

    Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote attackers to reset passwords of other users and gain privileges by modifying hidden form fields in the HTML page.... Read more

    Affected Products : ecartis
    • Published: Apr. 02, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1527

    emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine the full pathname for emumail.cgi via a malformed string containing script, which generates a regular expression matching error that includes the pathname in the resulting error message.... Read more

    Affected Products : emu_webmail
    • Published: Apr. 02, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2002-1506

    Buffer overflow in Linuxconf before 1.28r4 allows local users to execute arbitrary code via a long LINUXCONF_LANG environment variable, which overflows an error string that is generated.... Read more

    Affected Products : linuxconf
    • Published: Apr. 02, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-1521

    Web Server 4D (WS4D) 3.6 stores passwords in plaintext in the Ws4d.4DD file, which allows attackers to gain privileges.... Read more

    Affected Products : web_server_4d
    • Published: Apr. 02, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2002-1492

    Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux, and VPN 5000 Client before 5.2.8 for Solaris, allow local users to gain root privileges via (1) close_tunnel and (2) open_tunnel.... Read more

    Affected Products : vpn_5000_client
    • Published: Apr. 02, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2002-1526

    Cross-site scripting (XSS) vulnerability in emumail.cgi for EMU Webmail 5.0 allows remote attackers to inject arbitrary HTML or script via the email address field.... Read more

    Affected Products : emu_webmail
    • Published: Apr. 02, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1489

    Buffer overflow in PlanetDNS PlanetWeb 1.14 and earlier allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long URL or (2) a request with a long method name.... Read more

    Affected Products : planetweb
    • Published: Apr. 02, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2002-1494

    Cross-site scripting (XSS) vulnerabilities in Aestiva HTML/OS allows remote attackers to insert arbitrary HTML or script by inserting the script after a trailing / character, which inserts the script into the resulting error message.... Read more

    Affected Products : html_os
    • Published: Apr. 02, 2003
    • Modified: Apr. 03, 2025
Showing 20 of 293654 Results