Search Results (364436 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-1937 1 Symantec 3 Firewall Vpn Appliance 100, Firewall Vpn Appliance 200, Firewall Vpn Appliance 200r 2026-04-16 N/A
Symantec Firewall/VPN Appliance 100 through 200R hardcodes the administrator's MAC address inside the firewall's configuration, which allows remote attackers to spoof the administrator's MAC address and perform an ARP poisoning man-in-the-middle attack to obtain the administrator's password.
CVE-2002-1936 1 Utstarcom 1 Bas 1000 2026-04-16 N/A
UTStarcom BAS 1000 3.1.10 creates several default or back door accounts and passwords, which allows remote attackers to gain access via (1) field account with a password of "*field", (2) guru account with a password of "*3noguru", (3) snmp account with a password of "snmp", or (4) dbase account with a password of "dbase".
CVE-2002-1715 1 Ssh 2 Ssh, Ssh2 2026-04-16 N/A
SSH 1 through 3, and possibly other versions, allows local users to bypass restricted shells such as rbash or rksh by uploading a script to a world-writeable directory, then executing that script to gain normal shell access.
CVE-2002-1716 1 Microsoft 1 Office 2026-04-16 N/A
The Host() function in the Microsoft spreadsheet component on Microsoft Office XP allows remote attackers to create arbitrary files using the SaveAs capability.
CVE-2002-1717 1 Microsoft 1 Internet Information Services 2026-04-16 N/A
Microsoft Internet Information Server (IIS) 5.1 allows remote attackers to view path information via a GET request to (1) /_vti_pvt/access.cnf, (2) /_vti_pvt/botinfs.cnf, (3) /_vti_pvt/bots.cnf, or (4) /_vti_pvt/linkinfo.cnf.
CVE-2002-1718 1 Microsoft 1 Internet Information Services 2026-04-16 N/A
Microsoft Internet Information Server (IIS) 5.1 may allow remote attackers to view the contents of a Frontpage Server Extension (FPSE) file, as claimed using an HTTP request for colegal.htm that contains .. (dot dot) sequences.
CVE-2002-1719 1 Bavo 1 Bavo 2026-04-16 N/A
Unknown vulnerability in Bavo 0.3 allows remote attackers to modify posted messages.
CVE-2002-1720 1 Outfront 1 Spooky Login 2026-04-16 N/A
SQL injection vulnerability in Spooky Login 2.0 through 2.5 allows remote attackers to bypass authentication and gain privileges via the password field.
CVE-2002-1721 1 Pldaniels 1 Altermime 2026-04-16 7.5 High
Off-by-one error in alterMIME 0.1.10 and 0.1.11 allows remote attackers to cause a denial of service (crash) via an x-header that causes snprintf overwrite the FFGET_FILE variable with a (null) byte.
CVE-2002-1722 1 Logitech 3 Cordless Freedom Itouch Keyboard, Cordless Itouch Keyboard, Itouch Keyboard 2026-04-16 N/A
Logitech iTouch keyboards allows attackers with physical access to the system to bypass the screen locking function and execute user-defined commands that have been assigned to a button.
CVE-2002-1723 1 Powerboards 1 Powerboards 2026-04-16 N/A
Powerboards 2.2b allows remote attackers to view the full path to the backend database by sending a cookie containing a non-existent username to profiles.php, which displays the full path in the error message.
CVE-2002-1724 1 Onlinetools.org 1 Phpimageview 2026-04-16 N/A
Cross-site scripting vulnerability (XSS) in phpimageview.php for PHPImageView 1.0 allows remote attackers to execute arbitrary script as other users via the pic parameter.
CVE-2002-1725 1 Onlinetools.org 1 Phpimageview 2026-04-16 N/A
phpimageview.php in PHPImageView 1.0 allows remote attackers to obtain sensitive information via the pw=show option, which invokes the phpinfo function.
CVE-2002-1726 1 Brokenbytes 1 Photodb 2026-04-16 N/A
secure_inc.php in PhotoDB 1.4 allows remote attackers to bypass authentication via a URL with a large Time parameter, non-empty rmtusername and rmtpassword parameter, and an accesslevel parameter that is lower than the access level of the requested page.
CVE-2002-1727 1 Asksam Systems 1 Asksam Web Publisher 2026-04-16 N/A
Cross-site scripting vulnerability (XSS) in (1) as_web.exe and (2) as_web4.exe in askSam Web Publisher 1 and 4 allows remote attackers to execute arbitrary script as other users via a URL.
CVE-2002-1728 1 Asksam Systems 1 Asksam Web Publisher 2026-04-16 N/A
askSam Web Publisher 1.0 and 4.0 allows remote attackers to determine the full path to the web root directory via a request for a file that does not exist, which generates an error message that reveals the full path.
CVE-2002-1729 1 Aspjar 1 Aspjar Guestbook 2026-04-16 N/A
Cross-site scripting vulnerability (XSS) in ASPjar Guestbook 1.00 allows remote attackers to execute arbitrary script as other users via the "web site" parameter in a guestbook message.
CVE-2002-1730 1 Aspjar 1 Aspjar Guestbook 2026-04-16 N/A
ASPjar Guestbook 1.00 allows remote attackers to delete arbitrary messages accessing the delete.asp administrative script with certain cookie values set to "true".
CVE-2002-1731 1 Ibm 1 Os 400 2026-04-16 N/A
The System Request menu in IBM AS/400 allows local users to list valid user accounts by viewing the object names that are type USRPRF.
CVE-2002-1732 1 Actinic 1 Actinic Catalog 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Actinic Catalog 4.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string argument to certain .pl files, (2) the REFPAGE parameter to ca000007.pl, (3) PRODREF parameter to ss000007.pl, or (4) hop parameter to ca000001.pl.