Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2002-2186

    Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view the source code of .JSP files via Unicode encoded character values in a URL.... Read more

    Affected Products : jrun
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2031

    Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled allows remote attackers to determine the existence of arbitrary files via a script tag with a src parameter that references a non-JavaScript file, then using the onError event handler ... Read more

    Affected Products : internet_explorer
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2167

    Directory traversal vulnerability in function_foot_1.inc.php for Thorsten Korner 123tkShop before 0.3.1 allows remote attackers to read arbitrary files via .. (dot dot) sequences terminated by a null character in the $designNo variable, which is part of a... Read more

    Affected Products : 123tkshop
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-2365

    Simple WAIS (SWAIS) 1.11 allows remote attackers to execute arbitrary commands via the shell metacharacters in the search field, as demonstrated using the "|" (pipe) character.... Read more

    Affected Products : simple_wais
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2002-2239

    The Cisco Optical Service Module (OSM) for the Catalyst 6500 and 7600 series running Cisco IOS 12.1(8)E through 12.1(13.4)E allows remote attackers to cause a denial of service (hang) via a malformed packet.... Read more

    Affected Products : ios catalyst_6500 catalyst_7600
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2370

    SWS web server 0.0.4, 0.0.3 and 0.1.0 allows remote attackers to cause a denial of service (crash) via a URL request that does not end with a newline.... Read more

    Affected Products : sws_simple_web_server
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2025

    Lotus Domino server 5.0.9a and earlier allows remote attackers to cause a denial of service by exhausting the number of working threads via a large number of HTTP requests for (1) an MS-DOS device name and (2) an MS-DOS device name with a large number of ... Read more

    Affected Products : lotus_domino_server
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2214

    The php_if_imap_mime_header_decode function in the IMAP functionality in PHP before 4.2.2 allows remote attackers to cause a denial of service (crash) via an e-mail header with a long "To" header.... Read more

    Affected Products : enterprise_linux php
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2002-2208

    Extended Interior Gateway Routing Protocol (EIGRP), as implemented in Cisco IOS 11.3 through 12.2 and other products, allows remote attackers to cause a denial of service (flood) by sending a large number of spoofed EIGRP neighbor announcements, which res... Read more

    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-2345

    Oracle 9i Application Server 9.0.2 stores the web cache administrator interface password in plaintext, which allows remote attackers to gain access.... Read more

    Affected Products : application_server
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2338

    The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the mes... Read more

    Affected Products : mozilla navigator communicator
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 8.5

    HIGH
    CVE-2002-2232

    Buffer overflow in Enceladus Server Suite 3.9 allows remote attackers to execute arbitrary code via a long CD (CWD) command.... Read more

    Affected Products : enceladus_server_suite
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2084

    Directory traversal vulnerability in index.php of Portix 0.4.02 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) l and (2) topic parameters.... Read more

    Affected Products : portix-php
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-2305

    SQL injection vulnerability in agentadmin.php in Immobilier allows remote attackers to execute arbitrary SQL commands via the (1) agentname or (2) agentpassword parameter.... Read more

    Affected Products : immobilier
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2292

    Directory traversal vulnerability in Remote Console Applet in Halycon Software iASP 1.0.9 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request to port 9095.... Read more

    Affected Products : iasp
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-2319

    Static code injection vulnerability in users.php in MySimpleNews allows remote attackers to inject arbitrary PHP code and HTML via the (1) LOGIN, (2) DATA, and (3) MESS parameters, which are inserted into news.php3.... Read more

    Affected Products : mysimplenews
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.8

    MEDIUM
    CVE-2002-2331

    W3Mail 1.0.2 through 1.0.5 with server side scripting (SSI) enabled in the attachments directory does not properly restrict the types of files that can be uploaded as attachments, which allows remote attackers to execute arbitrary code by sending code in ... Read more

    Affected Products : w3mail
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2342

    Bannermatic 1, 2, and 3 stores the (1) ban.log, (2) ban.bak, (3) ban.dat and (4) banmat.pwd data files under the web document root with insufficient access control, which allows attackers to obtain sensitive information via a direct request for the files.... Read more

    Affected Products : bannermatic
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2002-2401

    NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrary programs.... Read more

    Affected Products : windows_2000 windows_xp windows_nt
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2002-2396

    Buffer overflow in Advanced TFTP (atftp) 0.5 and 0.6, if installed setuid or setgid, may allow local users to execute arbitrary code via a long argument to the -g option.... Read more

    Affected Products : advanced_tftp
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025
Showing 20 of 293589 Results