Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2002-1700

    Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filt... Read more

    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2002-2353

    tftpd32 2.50 and 2.50.2 allows remote attackers to read or write arbitrary files via a full pathname in GET and PUT requests.... Read more

    Affected Products : tftpd32
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1932

    Microsoft Windows XP and Windows 2000, when configured to send administrative alerts and the "Do not overwrite events (clear log manually)" option is set, does not notify the administrator when the log reaches its maximum size, which allows local users an... Read more

    Affected Products : windows_2000 windows_xp
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2002-1617

    Multiple buffer overflows in HP Tru64 UNIX 5.x allow local users to execute arbitrary code via (1) a long -contextDir argument to dtaction, (2) a long -p argument to dtprintinfo, (3) a long -customization argument to dxterm, or (4) a long DISPLAY environm... Read more

    Affected Products : tru64
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1919

    SQL injection vulnerability in shopadmin.asp in VP-ASP 4.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password fields.... Read more

    Affected Products : vp-asp
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-1868

    Dispair 0.1 and 0.2 allows remote attackers to execute arbitrary shell commands via certain form fields.... Read more

    Affected Products : dispair
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2164

    Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (crash) via a long <A HREF> link.... Read more

    Affected Products : outlook_express
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1905

    Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (crash) via a long HTTP GET request.... Read more

    Affected Products : viavideo
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2006

    The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.... Read more

    Affected Products : tomcat
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2002-1825

    Format string vulnerability in PerlRTE_example1.pl in WASD 7.1, 7.2.0 through 7.2.3, and 8.0.0 allows remote attackers to execute arbitrary commands or crash the server via format strings in the $name variable.... Read more

    Affected Products : wasd_http_server
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2033

    faqmanager.cgi in FAQManager 2.2.5 and earlier allows remote attackers to read arbitrary files by specifying the filename in the toc parameter with a trailing null character (%00).... Read more

    Affected Products : faqmanager.cgi
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2002-2363

    VJE.VJE-RUN in HP-UX 11.00 adds bin to /etc/PATH, which could allow local users to gain privileges.... Read more

    Affected Products : hp-ux
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2394

    InterScan VirusWall 3.6 for Linux and 3.52 for Windows allows remote attackers to bypass virus protection and possibly execute arbitrary code via HTTP 1.1 chunked transfer encoding.... Read more

    Affected Products : interscan_viruswall
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-2391

    SQL injection vulnerability in index.php of WebChat 1.5 included in XOOPS 1.0 allows remote attackers to execute arbitrary SQL commands via the roomid parameter.... Read more

    Affected Products : xoops webchat
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2245

    ftpd in NetBSD 1.5 through 1.5.3 and 1.6 does not properly quote a digit in response to a STAT command for a filename that contains a carriage return followed by a digit, which can cause firewalls and other intermediary devices to lose proper track of the... Read more

    Affected Products : ftpd
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2002-2426

    Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other pro... Read more

    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2002-2379

    Cisco AS5350 IOS 12.2(11)T with access control lists (ACLs) applied and possibly with ssh running allows remote attackers to cause a denial of service (crash) via a port scan, possibly due to an ssh bug. NOTE: this issue could not be reproduced by the ven... Read more

    Affected Products : as5350
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 6.9

    MEDIUM
    CVE-2002-2407

    Certain patches for QNX Neutrino realtime operating system (RTOS) 6.2.0 set insecure permissions for the files (1) /sbin/io-audio by OS Update Patch A, (2) /bin/shutdown, (3) /sbin/fs-pkg, and (4) phshutdown by QNX experimental patches, (5) cpim, (6) vpim... Read more

    Affected Products : rtos
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 6.6

    MEDIUM
    CVE-2002-2263

    The installation program for HP-UX Visualize Conference B.11.00.11 running on HP-UX 11.00 and 11.11 installs /etc/dt and its subdirecties with insecure permissions, which allows local users to read or write arbitrary files.... Read more

    Affected Products : hp-ux visualize_conference_ftp
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-2217

    Multiple PHP remote file inclusion vulnerabilities in Web Server Creator - Web Portal (WSC-WebPortal) 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) l parameter to customize.php or the (2) pg parameter to index.php.... Read more

    Affected Products : web_server_creator
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025
Showing 20 of 293640 Results