Search Results (364158 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-1460 1 Leszek Krupinski 1 L-forum 2026-04-16 N/A
L-Forum 2.40 and earlier does not properly verify whether a file was uploaded or if the associated variables were set by POST (attachment, attachment_name, attachment_size and attachment_type), which allows remote attackers to read arbitrary files.
CVE-2002-1461 1 Webscriptworld 1 Web Shop Manager 2026-04-16 N/A
Web Shop Manager 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search box.
CVE-2002-1462 1 Organicphp 1 Php-affiliate 2026-04-16 N/A
details2.php in OrganicPHP PHP-affiliate 1.0, and possibly later versions, allows remote attackers to modify information of other users by modifying certain hidden form fields.
CVE-2002-1463 1 Symantec 4 Enterprise Firewall, Gateway Security, Raptor Firewall and 1 more 2026-04-16 N/A
Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and 7.0, VelociRaptor Models 500/700/1000 and 1100/1200/1300, and Gateway Security 5110/5200/5300 generate easily predictable initial sequence numbers (ISN), which allows remote attackers to spoof connections.
CVE-2002-1464 1 Cafelog 1 B2 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool allows remote attackers to insert arbitrary HTML or script via the GPC variable.
CVE-2002-1465 1 Cafelog 1 B2 2026-04-16 N/A
SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote attackers to execute arbitrary SQL code via the tablehosts variable.
CVE-2002-1466 1 Cafelog 1 B2 2026-04-16 N/A
CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows remote attackers to execute arbitrary PHP code via the b2inc variable.
CVE-2002-1467 2 Macromedia, Redhat 4 Flash Player, Shockwave, Enterprise Linux and 1 more 2026-04-16 N/A
Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via (1) an HTTP redirect, (2) a "file://" base in a web document, or (3) a relative URL from a web archive (mht file).
CVE-2002-1469 1 Scponly 1 Scponly 2026-04-16 N/A
scponly does not properly verify the path when finding the (1) scp or (2) sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs and modifying the PATH variable in $HOME/.ssh/environment to locate those programs.
CVE-2002-1470 1 Nullsoft 1 Shoutcast Server 2026-04-16 N/A
SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext administrative password via a GET request to port 8001, which causes the password to be logged in the world-readable sc_serv.log file.
CVE-2002-1471 1 Ximian 1 Evolution 2026-04-16 N/A
The camel component for Ximian Evolution 1.0.x and earlier does not verify certificates when it establishes a new SSL connection after previously verifying a certificate, which could allow remote attackers to monitor or modify sessions via a man-in-the-middle attack.
CVE-2002-1472 2 Redhat, Xfree86 Project 2 Linux, X11r6 2026-04-16 N/A
Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module.
CVE-2002-1473 1 Hp 1 Hp-ux 2026-04-16 N/A
Multiple buffer overflows in lp subsystem for HP-UX 10.20 through 11.11 (11i) allow local users to cause a denial of service and possibly execute arbitrary code.
CVE-2002-1474 1 Hp 1 Tru64 2026-04-16 N/A
Unknown vulnerability or vulnerabilities in TCP/IP component for HP Tru64 UNIX 4.0f, 4.0g, and 5.0a allows remote attackers to cause a denial of service.
CVE-2002-1475 1 Hp 1 Tru64 2026-04-16 N/A
Unknown vulnerability in the ARP component for HP Tru64 UNIX 4.0f, 4.0g, and 5.0a allows remote attackers to "take over packets destined for another host" and cause a denial of service.
CVE-2002-1476 1 Netbsd 1 Netbsd 2026-04-16 N/A
Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and possibly other operating systems, when called with the LC_ALL category, allows local attackers to execute arbitrary code via a user-controlled locale string that has more than 6 elements, which exceeds the boundaries of the new_categories category array, as exploitable through programs such as xterm and zsh.
CVE-2002-1477 1 The Cacti Group 1 Cacti 2026-04-16 N/A
graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti administrators to execute arbitrary commands via shell metacharacters in the title during edit mode.
CVE-2002-1479 1 The Cacti Group 1 Cacti 2026-04-16 N/A
Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges.
CVE-2002-1480 1 Phpgb 1 Phpgb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows remote attackers to inject arbitrary HTML or script into guestbook pages, which is executed when the administrator deletes the entry.
CVE-2002-1481 1 Phpgb 1 Phpgb 2026-04-16 N/A
savesettings.php in phpGB 1.20 and earlier does not require authentication, which allows remote attackers to cause a denial of service or execute arbitrary PHP code by using savesettings.php to modify config.php.