Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2002-2156

    Buffer overflow in Trillian 0.73 allows remote IRC servers to execute arbitrary code via a long PING response.... Read more

    Affected Products : trillian
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-2183

    phpShare.php in phpShare before 0.6 beta 3 allows remote attackers to include and execute arbitrary PHP scripts from remote servers.... Read more

    Affected Products : phpshare
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.9

    MEDIUM
    CVE-2002-2185

    The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the route... Read more

    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2117

    Microsoft Windows XP allows remote attackers to cause a denial of service (CPU consumption) by flooding UDP port 500 (ISAKMP).... Read more

    Affected Products : windows_xp
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2065

    WebCalendar 0.9.34 and earlier with 'browsing in includes directory' enabled allows remote attackers to read arbitrary include files with .inc extensions from the web root.... Read more

    Affected Products : webcalendar
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-2226

    Buffer overflow in tftpd of TFTP32 2.21 and earlier allows remote attackers to execute arbitrary code via a long filename argument.... Read more

    Affected Products : tftpd32
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2002-2177

    BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP requests in a way that can cause BEA to send the same response for two different HTTP requests, which could allow remote attackers to obtain sensitive information that was intended for other... Read more

    Affected Products : weblogic_server
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-2209

    Unspecified "security vulnerability" in Baby FTP Server versions before November 7, 2002 has unknown impact and attack vectors.... Read more

    Affected Products : baby_ftp_server
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2184

    Digi-Net Technologies DigiChat 3.5 allows chat users to obtain the IP addresses of other chat users via a "Showip" parameter in the chat applet.... Read more

    Affected Products : digichat
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2081

    cphost.dll in Microsoft Site Server 3.0 allows remote attackers to cause a denial of service (disk consumption) via an HTTP POST of a file with a long TargetURL parameter, which causes Site Server to abort and leaves the uploaded file in c:\temp.... Read more

    Affected Products : site_server site_server_commerce
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2235

    member2.php in vBulletin 2.2.9 and earlier does not properly restrict the $perpage variable to be an integer, which causes an error message to be reflected back to the user without quoting, which facilitates cross-site scripting (XSS) and possibly other a... Read more

    Affected Products : vbulletin
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2002-2128

    editform.php in w-Agora 4.1.5 allows local users to execute arbitrary PHP code via .. (dot dot) sequences in the file parameter.... Read more

    Affected Products : w-agora
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-2091

    Format string vulnerability in Deception Finger Daemon, decfingerd, 0.7 may allow remote attackers to execute arbitrary code via the username of a finger request.... Read more

    Affected Products : decfingerd
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-2281

    Symantec Java! JIT (Just-In-Time) Compiler for Netscape Communicator 4.0 through 4.8 allows remote attackers to execute arbitrary Java commands via an applet that uses a jump call, which is not correctly compiled by the JIT compiler.... Read more

    Affected Products : java
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2002-2139

    Cisco PIX Firewall 6.0.3 and earlier, and 6.1.x to 6.1.3, do not delete the duplicate ISAKMP SAs for a user's VPN session, which allows local users to hijack a session via a man-in-the-middle attack.... Read more

    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2002-2175

    phpSquidPass before 0.2 uses an incomplete regular expression to find a matching username in its database, which allows remote authenticated attackers to effectively delete other usernames via a short username that matches the end of the targeted username... Read more

    Affected Products : phpsquidpass
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-2122

    Pointsec before 1.2 for PalmOS stores a user's PIN number in memory in plaintext, which allows a local attacker who steals an unlocked Palm to retrieve the PIN by dumping memory.... Read more

    Affected Products : pointsec
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2002-2199

    The default aide.conf file in Advanced Intrusion Detection Environment (AIDE) before 0.7_1 on FreeBSD before 2002-08-28 does not properly check subdirectories, which could allow local users to bypass detection.... Read more

    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2131

    Directory traversal vulnerability in Perl-HTTPd before 1.0.2 allows remote attackers to view arbitrary files via a .. (dot dot) in an unknown argument.... Read more

    Affected Products : perl-httpd
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2111

    Fwmon before 1.0.10 allows remote attackers to cause a denial of service (crash) by causing the kernel to return a large packet.... Read more

    Affected Products : fwmon
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025
Showing 20 of 293600 Results