Total
29947 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-0234 | 1 Juniper | 1 Netscreen Screenos | 2026-04-16 | N/A |
| NetScreen ScreenOS before 2.6.1 does not support a maximum number of concurrent sessions for a system, which allows an attacker on the trusted network to cause a denial of service (resource exhaustion) via a port scan to an external network, which consumes all available connections. | ||||
| CVE-2004-1340 | 1 Debian | 1 Debian Linux | 2026-04-16 | N/A |
| Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the pam_radius_auth.conf set to be world-readable, which allows local users to obtain sensitive information. | ||||
| CVE-2004-1341 | 1 Roar Smith | 1 Info2www | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in info2www before 1.2.2.9 allows remote attackers to inject arbitrary web script or HTML via the arguments to info2www. | ||||
| CVE-2002-0236 | 1 Lucent | 5 Vitalanalysis, Vitalevent, Vitalhelp and 2 more | 2026-04-16 | N/A |
| Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and VitalHelp/VitalAnalysis, allows remote attackers to bypass authentication via a direct HTTP request to the VsSetCookie.exe program, which returns a valid cookie for the desired user. | ||||
| CVE-2002-0238 | 1 Netgear | 1 Rt314 | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in web administration interface for NetGear RT314 and RT311 Gateway Routers allows remote attackers to execute arbitrary script on another client via a URL that contains the script. | ||||
| CVE-2002-0239 | 1 Hanterm | 1 Hanterm | 2026-04-16 | N/A |
| Buffer overflow in hanterm 3.3.1 and earlier allows local users to execute arbitrary code via a long string in the (1) -fn, (2) -hfb, or (3) -hfn argument. | ||||
| CVE-2002-0240 | 1 Apache | 1 Http Server | 2026-04-16 | N/A |
| PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message. | ||||
| CVE-2002-0245 | 1 Lotus | 1 Domino | 2026-04-16 | N/A |
| Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks the pathname in the error message, or (2) make any request that causes an HTTP 500 error, which leaks the server's version name in the HTTP error message. | ||||
| CVE-2002-0248 | 1 Wliang | 1 Wmtv | 2026-04-16 | N/A |
| wmtv 0.6.5 and earlier allows local users to modify arbitrary files via a symlink attack on a configuration file. | ||||
| CVE-2002-0249 | 1 Apache | 1 Http Server | 2026-04-16 | N/A |
| PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message. | ||||
| CVE-2002-0253 | 1 Php | 1 Php | 2026-04-16 | N/A |
| PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the include directive to fail, and produces an error message that contains the path. | ||||
| CVE-2002-0254 | 1 Mirabilis | 1 Icq | 2026-04-16 | N/A |
| ICQ 2001b Build 3659 allows remote attackers to cause a denial of service (crash) via a malformed picture that contains large height and width values, which causes the crash when viewed in Userdetails. | ||||
| CVE-2002-0256 | 1 Arescom | 1 Netdsl | 2026-04-16 | N/A |
| The telnet port in Arescom NetDSL 1000 router allows remote attackers to cause a denial of service via a series of connections with long strings, which causes a large number of login failures and causes the telnet service to stop. | ||||
| CVE-2004-1405 | 1 Mediawiki | 1 Mediawiki | 2026-04-16 | N/A |
| MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code. | ||||
| CVE-2002-0267 | 1 Sips | 1 Sips | 2026-04-16 | N/A |
| preferences.php in Simple Internet Publishing System (SIPS) before 0.3.1 allows remote attackers to gain administrative privileges via a linebreak in the "theme" field followed by the Status::admin command, which causes the Status line to be entered into the password file. | ||||
| CVE-2002-0268 | 1 Identix | 1 Biologon | 2026-04-16 | N/A |
| Identix BioLogon 3 allows users with physical access to the system to gain administrative privileges by using CTRL-ALT-DEL and running a "Browse" function, which runs Explorer with SYSTEM privileges. | ||||
| CVE-2004-1416 | 2 Microsoft, Realnetworks | 2 Internet Explorer, Realone Player | 2026-04-16 | N/A |
| pnxr3260.dll in the RealOne 2.0 build 6.0.11.868 browser plugin, as used in Internet Explorer, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embed tag. | ||||
| CVE-2002-0275 | 1 Blueface | 1 Falcon Web Server | 2026-04-16 | N/A |
| Falcon web server 2.0.0.1020 and earlier allows remote attackers to bypass authentication and read restricted files via an extra / (slash) in the requested URL. | ||||
| CVE-2002-0283 | 1 Microsoft | 1 Windows Xp | 2026-04-16 | N/A |
| Windows XP with port 445 open allows remote attackers to cause a denial of service (CPU consumption) via a flood of TCP SYN packets containing possibly malformed data. | ||||
| CVE-2004-1440 | 1 Putty | 1 Putty | 2026-04-16 | N/A |
| Multiple heap-based buffer overflows in the modpow function in PuTTY before 0.55 allow (1) remote attackers to execute arbitrary code via an SSH2 packet with a base argument that is larger than the mod argument, which causes the modpow function to write memory before the beginning of its buffer, and (2) remote malicious servers to cause a denial of service (client crash) and possibly execute arbitrary code via a large bignum during authentication. | ||||