Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2002-2366

    Buffer overflow in the XML parser of Trillian 0.6351, 0.725 and 0.73 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a skin with a long colors file name in trillian.xml.... Read more

    Affected Products : trillian
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2349

    phpinfo.php in phpBBmod 1.3.3 executes the phpinfo function, which allows remote attackers to obtain sensitive environment information.... Read more

    Affected Products : phpbbmod
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2332

    Buffer overflow in Opera 6.01 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes.... Read more

    Affected Products : opera_web_browser
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2333

    Buffer overflow in konqueror in KDE 2.1 through 3.0 and 3.0.2 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes.... Read more

    Affected Products : kde
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2335

    Killer Protection 1.0 stores the vars.inc include file under the web root with insufficient access control, which allows remote attackers to obtain user names and passwords and log in using protection.php.... Read more

    Affected Products : killer_protection
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2002-2311

    Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. NOTE: it ... Read more

    Affected Products : internet_explorer opera_web_browser
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2403

    Directory traversal vulnerability in KeyFocus web server 1.0.8 allows remote attackers to read arbitrary files for recognized MIME type files via "...", "....", ".....", and other multiple dot sequences.... Read more

    Affected Products : kf_web_server
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2002-2350

    Cross-site scripting (XSS) vulnerability in z_user_show.php in dbtreelistproperty_method.php in Zorum 2.4 allows remote attackers to inject arbitrary web script or HTML via the class parameter.... Read more

    Affected Products : zorum
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2002-2324

    The "System Restore" directory and subdirectories, and possibly other subdirectories in the "System Volume Information" directory on Windows XP Professional, have insecure access control list (ACL) permissions, which allows local users to access restricte... Read more

    Affected Products : windows_xp
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2389

    TheServer 1.74 web server stores server.ini under the web document root with insufficient access control, which allows remote attackers to obtain cleartext passwords and gain access to server log files.... Read more

    Affected Products : the_server
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-1792

    Buffer overflow in Fake Identd 0.9 through 1.4 allows remote attackers to execute arbitrary code as root via a long request that is split into multiple packets.... Read more

    Affected Products : fake_identd
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1923

    The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection.... Read more

    Affected Products : mysql
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1982

    Directory traversal vulnerability in the list_directory function in Icecast 1.3.12 allows remote attackers to determine if a directory exists via a .. (dot dot) in the GET request, which returns different error messages depending on whether the directory ... Read more

    Affected Products : icecast
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2002-1825

    Format string vulnerability in PerlRTE_example1.pl in WASD 7.1, 7.2.0 through 7.2.3, and 8.0.0 allows remote attackers to execute arbitrary commands or crash the server via format strings in the $name variable.... Read more

    Affected Products : wasd_http_server
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2033

    faqmanager.cgi in FAQManager 2.2.5 and earlier allows remote attackers to read arbitrary files by specifying the filename in the toc parameter with a trailing null character (%00).... Read more

    Affected Products : faqmanager.cgi
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1634

    Novell NetWare 5.1 installs sample applications that allow remote attackers to obtain sensitive information via (1) ndsobj.nlm, (2) allfield.jse, (3) websinfo.bas, (4) ndslogin.pl, (5) volscgi.pl, (6) lancgi.pl, (7) test.jse, or (8) env.pl.... Read more

    Affected Products : netware
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2053

    The design of the Hot Standby Routing Protocol (HSRP), as implemented on Cisco IOS 12.1, when using IRPAS, allows remote attackers to cause a denial of service (CPU consumption) via a router with the same IP address as the interface on which HSRP is runni... Read more

    Affected Products : ios
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-2374

    Unspecified vulnerability in pprosetup in Sun PatchPro 2.0 has unknown impact and attack vectors related to "unsafe use of temporary files."... Read more

    Affected Products : patchpro
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1861

    Sybase Enterprise Application Server 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing do... Read more

    Affected Products : easerver
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-2368

    Multiple buffer overflows in NEC SOCKS5 1.0 r11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via a long username to (1) the GetString function in proxy.c for the SOCKS5 module or (2) the HandleS4Conne... Read more

    Affected Products : socks_5
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025
Showing 20 of 293615 Results