Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-0239 1 Hanterm 1 Hanterm 2026-04-16 N/A
Buffer overflow in hanterm 3.3.1 and earlier allows local users to execute arbitrary code via a long string in the (1) -fn, (2) -hfb, or (3) -hfn argument.
CVE-2002-0241 1 Cisco 1 Secure Access Control Server 2026-04-16 N/A
NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1 does not check the Expired or Disabled state of users in the Novell Directory Services (NDS), which could allow those users to authenticate to the server.
CVE-2002-0285 1 Microsoft 1 Outlook Express 2026-04-16 N/A
Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and or other filtering mechanisms via a mail message with headers that only contain the CR, which causes Outlook to create separate headers.
CVE-2002-0286 1 Sitenews 1 Sitenews 2026-04-16 N/A
The GetPassword function in function.php of SiteNews 0.10 and 0.11 allows remote attackers to gain privileges and add users by providing a non-existent user name and the MD5 checksum for an empty password to add_user.php, which causes GetPassword to produce and compare a blank password for the non-existent user.
CVE-2002-0903 1 Woltlab 1 Burning Board 2026-04-16 N/A
register.php for WoltLab Burning Board (wbboard) 1.1.1 uses a small number of random values for the "code" parameter that is provided to action.php to approve a new registration, along with predictable new user ID's, which allows remote attackers to hijack new user accounts via a brute force attack on the new user ID and the code value.
CVE-2002-0294 1 Alcatel-lucent 1 Omnipcx 2026-04-16 N/A
Alcatel 4400 installs the /chetc/shutdown command with setgid privileges, which allows many different local users to shut down the system.
CVE-2002-0904 1 Kismet 1 Kismet 2026-04-16 N/A
SayText function in Kismet 2.2.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters (backtick or pipe) in the essid argument.
CVE-2002-0297 1 Nombas 1 Scriptease Webserver 2026-04-16 N/A
Buffer overflow in ScriptEase MiniWeb Server 0.95 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long URL in an HTTP request.
CVE-2002-0907 1 Nullsoft 1 Shoutcast Server 2026-04-16 N/A
Buffer overflow in SHOUTcast 1.8.9 and other versions before 1.8.12 allows a remote authenticated DJ to execute arbitrary code on the server via a long value in a header whose name begins with "icy-".
CVE-2002-0303 1 Novell 1 Groupwise 2026-04-16 N/A
GroupWise 6, when using LDAP authentication and when Post Office has a blank username and password, allows attackers to gain privileges of other users by logging in without a password.
CVE-2002-0305 1 Zero One Tech 1 P100s 2026-04-16 N/A
Zero One Tech (ZOT) P100s print server does not properly disable the SNMP service or change the default password, which could leave the server open to attack without the administrator's knowledge.
CVE-2002-0913 1 Stephen Hebditch 1 Slurp 2026-04-16 N/A
Format string vulnerability in log_doit function of Slurp NNTP client 1.1.0 allows a malicious news server to execute arbitrary code on the client via format strings in a server response.
CVE-2002-0307 1 Avengers News System 1 Avengers News System 2026-04-16 N/A
Directory traversal vulnerability in ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote attackers to determine the existence of arbitrary files or execute any Perl program on the system via a .. (dot dot) in the p parameter, which reads the target file and attempts to execute the line using Perl's eval function.
CVE-2002-0308 1 Stefan Holmberg 1 Admentor 2026-04-16 N/A
admin.asp in AdMentor 2.11 allows remote attackers to bypass authentication and gain privileges via a SQL injection attack on the Login and Password arguments.
CVE-2002-0310 1 Netwin 1 Webnews 2026-04-16 N/A
Netwin WebNews 1.1k CGI program includes several default usernames and cleartext passwords that cannot be deleted by the administrator, which allows remote attackers to gain privileges via the username/password combinations (1) testweb/newstest, (2) alwn3845/imaptest, (3) alwi3845/wtest3452, or (4) testweb2/wtest4879.
CVE-2002-0314 3 Fasttrack, Grokster, Music City Networks 3 Kazaa, Grokster, Morpheus 2026-04-16 N/A
fasttrack p2p, as used in (1) KaZaA before 1.5, (2) grokster, and (3) morpheus allows remote attackers to cause a denial of service (memory exhaustion) via a series of client-to-client messages, which pops up new windows per message.
CVE-2002-0316 1 Xmb Software 1 Xmb Forum 2026-04-16 N/A
Cross-site scripting vulnerability in eXtreme message board (XMB) 1.6x and earlier allows remote attackers to execute script as other XMB users by inserting the script into an IMG tag.
CVE-2002-0323 1 Nombas 1 Scriptease Webserver 2026-04-16 N/A
comment2.jse in ScriptEase:WebServer allows remote attackers to read arbitrary files by specifying the target file as an argument in the URL.
CVE-2002-0917 1 Cgiscript.net 1 Cspassword 2026-04-16 N/A
CGIScript.net csPassword.cgi stores .htpasswd files under the web document root, which could allow remote authenticated users to download the file and crack the passwords of other users.
CVE-2002-0324 1 Noah Gray 1 Graymatter 2026-04-16 N/A
Greymatter 1.21c and earlier with the Bookmarklet feature enabled allows remote attackers to read a cleartext password and gain administrative privileges by guessing the name of a gmrightclick-*.reg file which contains the administrator name and password in cleartext, then retrieving the file from the web server before the Greymatter administrator performs a "Clear And Exit" action.