Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2003-1071

    rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users to send messages to logged on users that appear to come from arbitrary user IDs by closing stderr before executing wall, then supplying a spoofed from header.... Read more

    Affected Products : solaris sunos
    • Published: Jan. 03, 2003
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2002-1386

    Buffer overflow in traceroute-nanog (aka traceroute-ng) may allow local users to execute arbitrary code via a long hostname argument.... Read more

    Affected Products : tracesroute
    • Published: Jan. 02, 2003
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2002-1387

    The spray mode in traceroute-nanog (aka traceroute-ng) may allow local users to overwrite arbitrary memory locations via an array index overflow using the nprobes (number of probes) argument.... Read more

    Affected Products : tracesroute
    • Published: Jan. 02, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2002-1388

    Cross-site scripting (XSS) vulnerability in MHonArc before 2.5.14 allows remote attackers to inject arbitrary HTML into web archive pages via HTML mail messages.... Read more

    Affected Products : mhonarc
    • Published: Jan. 02, 2003
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2002-1389

    Buffer overflow in typespeed 0.4.2 and earlier allows local users to gain privileges via long input.... Read more

    Affected Products : typespeed
    • Published: Jan. 02, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1378

    Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allow remote attackers to execute arbitrary code via (1) long -t or -r parameters to slurpd, (2) a malicious ldapfilter.conf file that is not properly handled by getfilter functions, (3... Read more

    Affected Products : openldap
    • Published: Jan. 02, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2002-1384

    Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by cups-pdf.... Read more

    Affected Products : xpdf cups
    • Published: Jan. 02, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1379

    OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local attackers to execute arbitrary code when libldap reads the .ldaprc file within applications that are running with extra privileges.... Read more

    Affected Products : openldap
    • Published: Jan. 02, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-2368

    Multiple buffer overflows in NEC SOCKS5 1.0 r11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via a long username to (1) the GetString function in proxy.c for the SOCKS5 module or (2) the HandleS4Conne... Read more

    Affected Products : socks_5
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1656

    X-News (x_news) 1.1 and earlier allows attackers to authenticate as other users by obtaining the MD5 checksum of the password, e.g. via sniffing or the users.txt data file, and providing it in a cookie.... Read more

    Affected Products : x-news
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2002-1632

    Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo, or (4) echo2.... Read more

    Affected Products : application_server
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2002-1700

    Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filt... Read more

    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2002-1931

    Cross-site scripting (XSS) vulnerability in PHP Arena paFileDB 1.1.3 and 2.1.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the search string.... Read more

    Affected Products : pafiledb
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2002-2073

    Cross-site scripting (XSS) vulnerability in the default ASP pages on Microsoft Site Server 3.0 on Windows NT 4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) ctr parameter in Default.asp and (2) the query string to formslogin... Read more

    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2410

    openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certai... Read more

    Affected Products : open_webmail
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2002-2353

    tftpd32 2.50 and 2.50.2 allows remote attackers to read or write arbitrary files via a full pathname in GET and PUT requests.... Read more

    Affected Products : tftpd32
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1861

    Sybase Enterprise Application Server 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing do... Read more

    Affected Products : easerver
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2002-1796

    ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services.... Read more

    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2033

    faqmanager.cgi in FAQManager 2.2.5 and earlier allows remote attackers to read arbitrary files by specifying the filename in the toc parameter with a trailing null character (%00).... Read more

    Affected Products : faqmanager.cgi
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2002-1825

    Format string vulnerability in PerlRTE_example1.pl in WASD 7.1, 7.2.0 through 7.2.3, and 8.0.0 allows remote attackers to execute arbitrary commands or crash the server via format strings in the $name variable.... Read more

    Affected Products : wasd_http_server
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025
Showing 20 of 293612 Results