Export limit exceeded: 364152 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364152 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-1147 1 Hp 1 Procurve Switch 4000m 2026-04-16 N/A
The HTTP administration interface for HP Procurve 4000M Switch firmware before C.09.16, with stacking features and remote administration enabled, does not authenticate requests to reset the device, which allows remote attackers to cause a denial of service via a direct request to the device_reset CGI program.
CVE-2002-1148 2 Apache, Redhat 3 Tomcat, Rhel Stronghold, Stronghold 2026-04-16 N/A
The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
CVE-2002-1149 1 Invision Power Services 1 Invision Board 2026-04-16 N/A
The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings.
CVE-2002-1150 1 Microsoft 1 Netmeeting 2026-04-16 N/A
The Remote Desktop Sharing (RDS) Screen Saver Protection capability for Microsoft NetMeeting 3.01 through SP2 (4.4.3396) allows attackers with physical access to hijack remote sessions by entering certain logoff or shutdown sequences (such as CTRL-ALT-DEL) and canceling out of the resulting user confirmation prompts, such as when the remote user is editing a document.
CVE-2002-1151 2 Kde, Redhat 4 Kde, Konqueror, Enterprise Linux and 1 more 2026-04-16 N/A
The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute script and steal cookies from subframes that are in other domains.
CVE-2002-1152 2 Kde, Redhat 2 Kde, Linux 2026-04-16 N/A
Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing.
CVE-2002-1153 1 Ibm 1 Websphere Application Server 2026-04-16 N/A
IBM Websphere 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with long HTTP headers, such as "Host".
CVE-2002-1154 2 Redhat, Stephen Turner 2 Powertools, Analog 2026-04-16 N/A
anlgform.pl in Analog before 5.23 does not restrict access to the PROGRESSFREQ progress update command, which allows remote attackers to cause a denial of service (disk consumption) by using the command to report updates more frequently and fill the web server error log.
CVE-2002-1155 1 Redhat 2 Enterprise Linux, Linux 2026-04-16 N/A
Buffer overflow in KON kon2 0.3.9b and earlier allows local users to execute arbitrary code via a long -Coding command line argument.
CVE-2002-1156 1 Apache 1 Http Server 2026-04-16 N/A
Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
CVE-2002-1157 2 Mod Ssl, Redhat 5 Mod Ssl, Enterprise Linux, Linux and 2 more 2026-04-16 N/A
Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
CVE-2002-1158 2 Canna, Redhat 3 Canna, Enterprise Linux, Linux 2026-04-16 N/A
Buffer overflow in the irw_through function for Canna 3.5b2 and earlier allows local users to execute arbitrary code as the bin user.
CVE-2002-1159 2 Canna, Redhat 3 Canna, Enterprise Linux, Linux 2026-04-16 N/A
Canna 3.6 and earlier does not properly validate requests, which allows remote attackers to cause a denial of service or information leak.
CVE-2002-1160 1 Redhat 2 Enterprise Linux, Linux 2026-04-16 N/A
The default configuration of the pam_xauth module forwards MIT-Magic-Cookies to new X sessions, which could allow local users to gain root privileges by stealing the cookies from a temporary .xauth file, which is created with the original user's credentials after root uses su.
CVE-2002-1225 1 Kth 1 Heimdal 2026-04-16 N/A
Multiple buffer overflows in Heimdal before 0.5, possibly in both the (1) kadmind and (2) kdc servers, may allow remote attackers to gain root access.
CVE-2002-1165 3 Netbsd, Redhat, Sendmail 4 Netbsd, Enterprise Linux, Linux and 1 more 2026-04-16 N/A
Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after (1) "||" sequences or (2) "/" characters, which are not properly filtered or verified.
CVE-2002-1166 1 John Franks 1 Wn Server 2026-04-16 N/A
Buffer overflow in John Franks WN Server 1.18.2 through 2.0.0 allows remote attackers to execute arbitrary code via a long GET request.
CVE-2002-1167 1 Ibm 1 Websphere Caching Proxy Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request.
CVE-2002-1168 1 Ibm 1 Websphere Caching Proxy Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains an Location: header with a "%0a%0d" (CRLF) sequence, which echoes the Location as an HTTP header in the server response.
CVE-2002-1169 1 Ibm 1 Websphere Caching Proxy Server 2026-04-16 N/A
IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version number, which causes ibmproxy.exe to crash.