Search Results (365444 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-1850 1 Apache 1 Http Server 2026-04-16 7.5 High
mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
CVE-2002-1851 1 Ipswitch 1 Ws Ftp Pro 2026-04-16 N/A
Buffer overflow in WS_FTP Pro 7.5 allows remote attackers to execute code on a client system via unknown attack vectors.
CVE-2002-1852 1 Monkey-project 1 Monkey 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Monkey 0.5.0 allows remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) a parameter to test2.pl.
CVE-2002-1853 1 Carlos Sanchez Valle 1 Mynewsgroups 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in MyNewsGroups 0.4 and 0.4.1 allows remote attackers to inject arbitrary web script or HTML via the subject of a newsgroup post, which is not properly handled by (1) myarticles.php, (2) search.php, (3) stats.php, or (4) standard.lib.php.
CVE-2002-1855 1 Macromedia 1 Jrun 2026-04-16 N/A
Macromedia JRun 3.0 through 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
CVE-2002-1856 1 Hp 1 Application Server 2026-04-16 N/A
HP Application Server 8.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
CVE-2002-1857 1 Jo 1 Jo Webserver 2026-04-16 N/A
jo! jo Webserver 1.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
CVE-2002-1858 1 Oracle 1 Application Server 2026-04-16 N/A
Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through 9.0.2.0.1, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
CVE-2002-1859 1 Orionserver 1 Orion Application Server 2026-04-16 N/A
Orion Application Server 1.5.3, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
CVE-2002-1860 1 Pramati 1 Pramati Server 2026-04-16 N/A
Pramati Server 3.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
CVE-2002-1861 1 Sybase 1 Easerver 2026-04-16 N/A
Sybase Enterprise Application Server 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
CVE-2002-1862 1 Virtualzone 1 Smartmail Server 2026-04-16 N/A
SmartMail Server 2.0 allows remote attackers to cause a denial of service (crash) by sending data and closing the connection before all the data has been sent.
CVE-2002-1863 1 Iomega 1 Network Attached Storage 2026-04-16 N/A
Iomega Network Attached Storage (NAS) A300U, and possibly other models, does not allow the FTP service to be disabled, which allows local users to access home directories via FTP even when access to all shared directories have been disabled.
CVE-2002-1864 1 Sws 1 Sws Simple Web Server 2026-04-16 N/A
Directory traversal vulnerability in Simple Web Server (SWS) 0.0.4 through 0.1.0 allows remote attackers to read arbitrary files via a ".." (dot dot) in an HTTP request.
CVE-2002-1865 2 D-link, Linksys 4 Di-804, Dl-704, Befw11s4 and 1 more 2026-04-16 N/A
Buffer overflow in the Embedded HTTP server, as used in (1) D-Link DI-804 4.68, Dl-704 V2.56b6, and Dl-704 V2.56b5 and (2) Linksys Etherfast BEFW11S4 Wireless AP + Cable/DSL Router 1.37.2 through 1.42.7 and Linksys WAP11 1.3 and 1.4, allows remote attackers to cause a denial of service (crash) via a long header, as demonstrated using the Host header.
CVE-2002-1866 1 Sws 1 Sws Simple Web Server 2026-04-16 N/A
Simple Web Server (SWS) 0.0.4 through 0.1.0 does not close file descriptors for 404 error messages, which could allow remote attackers to cause a denial of service (file descriptor exhaustion) via multiple requests for pages that do not exist.
CVE-2002-1867 1 Bizdesign 1 Imagefolio 2026-04-16 N/A
The default configuration of BizDesign ImageFolio 2.23 through 2.26 does not control access to (1) admin/setup.cgi, which allows remote attackers to create an administrative account, or (2) admin/nph-build.cgi, which allows remote attackers to cause a denial of service (CPU consumption).
CVE-2002-1868 1 Daniel Stenberg 1 Dispair 2026-04-16 N/A
Dispair 0.1 and 0.2 allows remote attackers to execute arbitrary shell commands via certain form fields.
CVE-2002-1869 1 Heysoft 2 Eventsave, Eventsave\+ 2026-04-16 3.3 Low
Heysoft EventSave 5.1 and 5.2 and Heysoft EventSave+ 5.1 and 5.2 does not check whether the log file can be written to, which allows attackers to prevent events from being recorded by opening the log file using an application such as Microsoft's Event Viewer.
CVE-2002-1870 1 Sws 1 Sws Simple Web Server 2026-04-16 N/A
Simple Web Server (SWS) 0.0.4 through 0.1.0 does not properly handle when the recv function call fails, which may allow remote attackers to overwrite program data or perform actions on an uninitialized heap, leading to a denial of service and possibly code execution.