Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2002-0730

    Cross-site scripting vulnerability in guestbook.pl for Philip Chinery's Guestbook 1.1 allows remote attackers to execute Javascript or HTML via fields such as (1) Name, (2) EMail, or (3) Homepage.... Read more

    Affected Products : philip_chinerys_guestbook
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 7.6

    HIGH
    CVE-2002-0459

    Cross-site scripting vulnerability in Board-TNK 1.3.1 and earlier allows remote attackers to execute arbitrary Javascript via the WEB parameter.... Read more

    Affected Products : news-tnk board-tnk
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-0744

    namerslv in AIX 4.3.3 core dumps when called with a very long argument, possibly as a result of a buffer overflow.... Read more

    Affected Products : aix
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0418

    Directory traversal vulnerability in the com.endymion.sake.servlet.mail.MailServlet servlet for Endymion SakeMail 1.0.36 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the param_name parameter.... Read more

    Affected Products : sake_mail
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0741

    psyBNC 2.3 allows remote attackers to cause a denial of service (CPU consumption and resource exhaustion) by sending a PASS command with a long password argument and quickly killing the connection, which is not properly terminated by psyBNC.... Read more

    Affected Products : psybnc
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0484

    move_uploaded_file in PHP does not does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system.... Read more

    Affected Products : php
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0733

    Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message.... Read more

    Affected Products : thttpd
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0411

    Cross-site scripting vulnerability in message.php for AeroMail before 1.45 allows remote attackers to execute Javascript as an AeroMail user via an email message with the script in the Subject line.... Read more

    Affected Products : aeromail
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0775

    browse.asp in Hosting Controller allows remote attackers to view arbitrary directories by specifying the target pathname in the FilePath parameter.... Read more

    Affected Products : hosting_controller
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0734

    b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly load the b2config.php file in some configurations, which allows remote attackers to execute arbitrary PHP code via a URL that sets the $b2inc variable to point to a malicious program store... Read more

    Affected Products : b2
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2002-0486

    Intellisol Xpede 4.1 uses weak encryption to store authentication information in cookies, which could allow local users with access to the cookies to gain privileges.... Read more

    Affected Products : xpede
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-0743

    mail and mailx in AIX 4.3.3 core dump when called with a very long argument, an indication of a buffer overflow.... Read more

    Affected Products : aix
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2002-0424

    efingerd 1.61 and earlier, when configured without the -u option, executes .efingerd files as the efingerd user (typically "nobody"), which allows local users to gain privileges as the efingerd user by modifying their own .efingerd file and running finger... Read more

    Affected Products : efingerd
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0413

    Cross-site scripting vulnerability in ReBB allows remote attackers to execute arbitrary Javascript and steal cookies via an IMG tag whose URL includes the malicious script.... Read more

    Affected Products : rebb
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2002-0771

    Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 allows remote attackers to inject script and steal cookies via the (1) cvsroot or (2) sortby parameters.... Read more

    Affected Products : viewcvs
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-0795

    The rc system startup script for FreeBSD 4 through 4.5 allows local users to delete arbitrary files via a symlink attack on X Windows lock files.... Read more

    Affected Products : freebsd
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2002-0812

    Information leak in Compaq WL310, and the Orinoco Residential Gateway access point it is based on, uses a system identification string as a default SNMP read/write community string, which allows remote attackers to obtain and modify sensitive configuratio... Read more

    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0770

    Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain sensitive server cvar variables, obtain directory listings, and execute Q2 server admin commands via a client that does not expand "$" macros, which causes the server to expand the macros... Read more

    Affected Products : quake_2i_server
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0503

    Directory traversal vulnerability in boilerplate.asp for Citrix NFuse 1.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the NFuse_Template parameter.... Read more

    Affected Products : nfuse
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-0427

    Buffer overflows in fpexec in mod_frontpage before 1.6.1 may allow attackers to gain root privileges.... Read more

    Affected Products : improved_mod_frontpage
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025
Showing 20 of 292803 Results