Search Results (364152 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-1126 3 Galeon, Mozilla, Redhat 4 Galeon Browser, Mozilla, Enterprise Linux and 1 more 2026-04-16 N/A
Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler.
CVE-2002-1127 1 Digital 1 Osf 1 2026-04-16 N/A
Buffer overflow in uucp in Compaq Tru64/OSF1 3.x allows local users to execute arbitrary code via a long source (-s) command line parameter.
CVE-2002-1128 1 Digital 2 Osf 1, Ultrix 2026-04-16 N/A
Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows local users to execute arbitrary code via a long MH environment variable.
CVE-2002-1129 2 Compaq, Digital 2 Tru64, Osf 1 2026-04-16 N/A
Buffer overflow in dxterm allows local users to execute arbitrary code via a long -xrm argument.
CVE-2002-1131 2 Redhat, Squirrelmail 2 Linux, Squirrelmail 2026-04-16 N/A
Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php.
CVE-2002-1132 2 Redhat, Squirrelmail 2 Linux, Squirrelmail 2026-04-16 N/A
SquirrelMail 1.2.7 and earlier allows remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script.
CVE-2002-1133 1 Funsoft 1 Dinos Webserver 2026-04-16 N/A
Encoded directory traversal vulnerability in Dino's web server 2.1 allows remote attackers to read arbitrary files via ".." (dot dot) sequences with URL-encoded (1) "/" (%2f") or (2) "\" (%5c) characters.
CVE-2002-1134 1 Hp 1 Webes Service Tools 2026-04-16 N/A
Unknown vulnerability in Compaq WEBES Service Tools 2.0 through WEBES 4.0 (Service Pack 5) allows local users to read privileged files.
CVE-2002-1135 1 Phpwebsite 1 Phpwebsite 2026-04-16 N/A
modsecurity.php 1.10 and earlier, in phpWebSite 0.8.2 and earlier, allows remote attackers to execute arbitrary PHP source code via an inc_prefix parameter that points to the malicious code.
CVE-2002-1137 1 Microsoft 2 Data Engine, Sql Server 2026-04-16 N/A
Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.
CVE-2002-1177 1 Nullsoft 1 Winamp 2026-04-16 N/A
Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the Media Library window, allows remote attackers to execute arbitrary code via an MP3 file containing a long (1) Artist or (2) Album ID3v2 tag.
CVE-2002-1138 1 Microsoft 2 Data Engine, Sql Server 2026-04-16 N/A
Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs."
CVE-2002-1139 1 Microsoft 3 Windows 98 Plus Pack, Windows Me, Windows Xp 2026-04-16 N/A
The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP does not properly check the destination folder during the decompression of ZIP files, which allows attackers to place an executable file in a known location on a user's system, aka "Incorrect Target Path for Zipped File Decompression."
CVE-2002-1140 1 Microsoft 1 Services 2026-04-16 N/A
The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service (service hang) via malformed packet fragments, aka "Improper parameter size check leading to denial of service."
CVE-2002-1141 1 Microsoft 1 Services 2026-04-16 N/A
An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service via malformed fragmented RPC client packets, aka "Denial of service by sending an invalid RPC request."
CVE-2002-1142 1 Microsoft 3 Data Access Components, Ie, Internet Explorer 2026-04-16 N/A
Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
CVE-2002-1143 1 Microsoft 2 Excel, Word 2026-04-16 N/A
Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure."
CVE-2002-1145 1 Microsoft 2 Data Engine, Sql Server 2026-04-16 N/A
The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.
CVE-2002-1178 1 Jetty 1 Jetty Http Server 2026-04-16 N/A
Directory traversal vulnerability in the CGIServlet for Jetty HTTP server before 4.1.0 allows remote attackers to execute arbitrary commands via ..\ (dot-dot backslash) sequences in an HTTP request to the cgi-bin directory.
CVE-2002-1146 2 Gnu, Redhat 3 Glibc, Enterprise Linux, Linux 2026-04-16 N/A
The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash).