Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2002-0253

    PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, caus... Read more

    Affected Products : php
    • Published: May. 29, 2002
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2002-0270

    Opera, when configured with the "Determine action by MIME type" option disabled, interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the u... Read more

    Affected Products : opera_web_browser
    • Published: May. 29, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0254

    ICQ 2001b Build 3659 allows remote attackers to cause a denial of service (crash) via a malformed picture that contains large height and width values, which causes the crash when viewed in Userdetails.... Read more

    Affected Products : icq
    • Published: May. 29, 2002
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2002-1447

    Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument.... Read more

    Affected Products : vpn_client
    • Published: May. 28, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-1641

    Multiple buffer overflows in Oracle Web Cache for Oracle 9i Application Server (9iAS) allow remote attackers to execute arbitrary code via unknown vectors.... Read more

    • Published: May. 27, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2001-1340

    Beck GmbH IPC@Chip TelnetD service supports only one connection and does not disconnect a user who does not complete the login process, which allows remote attackers to lock out the administrator account by connecting to the service.... Read more

    Affected Products : ipc_at_chip_telnetd_server
    • Published: May. 21, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2001-1334

    Block_render_url.class in PHPSlash 0.6.1 allows remote attackers with PHPSlash administrator privileges to read arbitrary files by creating a block and specifying the target file as the source URL.... Read more

    Affected Products : phpslash
    • Published: May. 19, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1280

    Memory leak in RealSecure Event Collector 6.5 allows attackers to cause a denial of service (memory consumption and crash).... Read more

    Affected Products : realsecure_event_collector
    • Published: May. 17, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0227

    KICQ 2.0.0b1 allows remote attackers to cause a denial of service (crash) via a malformed message.... Read more

    Affected Products : kde kicq
    • Published: May. 16, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-0214

    Compaq Intel PRO/Wireless 2011B LAN USB Device Driver 1.5.16.0 through 1.5.18.0 stores the 128-bit WEP (Wired Equivalent Privacy) key in plaintext in a registry key with weak permissions, which allows local users to decrypt network traffic by reading the ... Read more

    • Published: May. 16, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0203

    ttawebtop.cgi in Tarantella Enterprise 3.20 on SPARC Solaris and Linux, and 3.1x and 3.0x including 3.11.903, allows remote attackers to view directory contents via an empty pg parameter.... Read more

    Affected Products : tarantella_enterprise
    • Published: May. 16, 2002
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2002-0202

    PaintBBS 1.2 installs certain files and directories with insecure permissions, which allows local users to (1) obtain the encrypted server password via the world-readable oekakibbs.conf file, or (2) modify the server configuration via the world-writeable ... Read more

    Affected Products : paintbbs
    • Published: May. 16, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0228

    Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or ... Read more

    Affected Products : msn_messenger
    • Published: May. 16, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0206

    index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly other versions before 5.5, allows remote attackers to execute arbitrary PHP code by specifying a URL to the malicious code in the file parameter.... Read more

    Affected Products : php-nuke
    • Published: May. 16, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0217

    Cross-site scripting (CSS) vulnerabilities in the Private Message System for XOOPS 1.0 RC1 allow remote attackers to execute Javascript on other web clients via (1) the Title field or a Private Message Box or (2) the image field parameter in pmlite.php.... Read more

    Affected Products : xoops
    • Published: May. 16, 2002
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2002-0184

    Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded.... Read more

    Affected Products : debian_linux sudo
    • Published: May. 16, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0230

    Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.712 allows remote attackers to execute arbitrary Javascript on other clients via the cmd parameter, which causes the script to be inserted into an error message.... Read more

    Affected Products : faq-o-matic
    • Published: May. 16, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0171

    IRISconsole 2.0 may allow users to log into the icadmin account with an incorrect password in some circumstances, which could allow users to gain privileges.... Read more

    Affected Products : irisconsole
    • Published: May. 16, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0208

    PGP Security PGPfire 7.1 for Windows alters the system's TCP/IP stack and modifies packets in ICMP error messages in a way that allows remote attackers to determine that the system is running PGPfire.... Read more

    Affected Products : pgpfire
    • Published: May. 16, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0216

    userinfo.php in XOOPS 1.0 RC1 allows remote attackers to obtain sensitive information via a SQL injection attack in the "uid" parameter.... Read more

    Affected Products : xoops
    • Published: May. 16, 2002
    • Modified: Apr. 03, 2025
Showing 20 of 292811 Results