Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2002-0407

    htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2... Read more

    Affected Products : domino
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-0437

    Smsd in SMS Server Tools (SMStools) before 1.4.8 allows remote attackers to execute arbitrary commands via shell metacharacters (backquotes) in message text, as described with the term "string format vulnerability" by some sources.... Read more

    Affected Products : sms_server_tools
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0448

    Xerver Free Web Server 2.10 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request that contains many "C:/" sequences.... Read more

    Affected Products : xerver
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-0702

    Format string vulnerabilities in the logging routines for dynamic DNS code (print.c) of ISC DHCP daemon (DHCPD) 3 to 3.0.1rc8, with the NSUPDATE option enabled, allow remote malicious DNS servers to execute arbitrary code via format strings in a DNS serve... Read more

    Affected Products : dhcpd dhcp
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0406

    Menasoft SPHERE server 0.99x and 0.5x allows remote attackers to cause a denial of service by establishing a large number of connections to the server without providing login credentials, which prevents other users from being able to log in.... Read more

    Affected Products : sphereserver
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2002-0435

    Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it ... Read more

    Affected Products : linux fileutils
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0439

    Cross-site scripting vulnerability in CaupoShop 1.30a and earlier, and possibly CaupoShopPro, allows remote attackers to execute arbitrary Javascript and steal credit card numbers or delete items by injecting the script into new customer information field... Read more

    Affected Products : cauposhop
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2002-0716

    Format string vulnerability in crontab for SCO OpenServer 5.0.5 and 5.0.6 allows local users to gain privileges via format string specifiers in the file name argument.... Read more

    Affected Products : openserver
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2002-0031

    Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary code via a ymsgr URI with long arguments to (1) call, (2) sendim, (3) getimv, (4) chat, (5) addview, or (6) addfriend.... Read more

    Affected Products : messenger
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-0434

    Marcus S. Xenakis directory.php script allows remote attackers to execute arbitrary commands via shell metacharacters in the dir parameter.... Read more

    Affected Products : directory.php
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0433

    Pi3Web 2.0.0 allows remote attackers to view restricted files via an HTTP request containing a "*" (wildcard or asterisk) character.... Read more

    Affected Products : pi3web
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0714

    FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses.... Read more

    Affected Products : squid
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0713

    Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (... Read more

    Affected Products : squid
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-0436

    sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitrary commands via shell metacharacters in the email address parameter.... Read more

    Affected Products : solaris sunos
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0703

    An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl could produce incorrect MD5 checksums for UTF-8 data, which could prevent a system from properly verifying the integrity of the data.... Read more

    Affected Products : digest-md5
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0431

    XTux allows remote attackers to cause a denial of service (CPU consumption) via random inputs in the initial connection.... Read more

    Affected Products : xtux
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-0398

    Red-M 1050 (Bluetooth Access Point) PPP server allows bonded users to cause a denial of service and possibly execute arbitrary code via a long user name.... Read more

    Affected Products : 1050ap_lan_acess_point
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0688

    ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes.... Read more

    Affected Products : zope
    • Published: Jul. 23, 2002
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2002-0643

    The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encr... Read more

    Affected Products : sql_server sql_server data_engine
    • Published: Jul. 23, 2002
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2002-0671

    Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which could allow remote attackers to install Trojan horse applications via DNS spoofing... Read more

    Affected Products : xpressa xpressa_firmware
    • Published: Jul. 23, 2002
    • Modified: Apr. 03, 2025
Showing 20 of 294853 Results