Search Results (365419 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-1921 1 Oracle 1 Mysql 2026-04-16 N/A
The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database.
CVE-2002-1922 1 Jelsoft 1 Vbulletin 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in global.php in Jelsoft vBulletin 2.0.0 through 2.2.8 allows remote attackers to inject arbitrary web script or HTML via the (1) $scriptpath or (2) $url variables.
CVE-2002-1923 1 Oracle 1 Mysql 2026-04-16 N/A
The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection.
CVE-2002-1924 1 Apc 1 Powerchute 2026-04-16 N/A
PowerChute plus 5.0.2 creates a "Pwrchute" directory during installation that is shared and world writeable, which could allow remote attackers to modify or create files in that directory.
CVE-2002-1925 1 Tiny Software 1 Tiny Personal Firewall 2026-04-16 N/A
Tiny Personal Firewall 3.0 through 3.0.6 allows remote attackers to cause a denial of service (crash) by via SYN, UDP, ICMP and TCP portscans when the administrator selects the Log tab of the Personal Firewall Agent module.
CVE-2002-1926 1 Aquonics Scripting 1 Aquonics File Manager 2026-04-16 N/A
Directory traversal vulnerability in source.php in Aquonics File Manager 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP query string.
CVE-2002-1927 1 Aquonics Scripting 1 Aquonics File Manager 2026-04-16 N/A
Aquonics File Manager 1.5 allows users with edit privileges to modify user accounts by editing the userlist.cgi file.
CVE-2002-1928 1 Software602 1 602pro Lan Suite 2026-04-16 N/A
602Pro LAN SUITE 2002 allows remote attackers to view the directory tree via an HTTP GET request with a trailing "~" (tilde) or ".bak" extension.
CVE-2002-1929 1 Php Arena 1 Pafiledb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in pafiledb.php in PHP Arena paFileDB 1.1.3 through 3.0 allows remote attackers to inject arbitrary web script or HTML via the query string in the (1) rate, (2) email, or (3) download actions.
CVE-2002-1930 1 An 1 An-httpd 2026-04-16 N/A
Buffer overflow in AN HTTPd 1.38 through 1.4.1c allows remote attackers to execute arbitrary code via a SOCKS4 request with a long username.
CVE-2002-1931 1 Php Arena 1 Pafiledb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in PHP Arena paFileDB 1.1.3 and 2.1.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the search string.
CVE-2002-1932 1 Microsoft 2 Windows 2000, Windows Xp 2026-04-16 N/A
Microsoft Windows XP and Windows 2000, when configured to send administrative alerts and the "Do not overwrite events (clear log manually)" option is set, does not notify the administrator when the log reaches its maximum size, which allows local users and remote attackers to avoid detection.
CVE-2002-1933 1 Microsoft 1 Windows 2000 Terminal Services 2026-04-16 N/A
The terminal services screensaver for Microsoft Windows 2000 does not automatically lock the terminal window if the window is minimized, which could allow local users to gain access to the terminal server window.
CVE-2002-1934 1 Pingtel 1 Xpressa 2026-04-16 N/A
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 2.0.1 leaks sensitive information during boot-up, which allows attackers to obtain the MD5 hash of the Admin password, MD5 hash of the physical password, and other registration information.
CVE-2002-1935 1 Pingtel 1 Xpressa 2026-04-16 N/A
Pingtel Xpressa 1.2.5 through 2.0.1 uses predictable (1) Call-ID, (2) CSeq, and (3) "To" and "From" SIP URL values in a Session Identification Protocol (SIP) request, which allows remote attackers to avoid registering with the SIP registrar.
CVE-2002-1936 1 Utstarcom 1 Bas 1000 2026-04-16 N/A
UTStarcom BAS 1000 3.1.10 creates several default or back door accounts and passwords, which allows remote attackers to gain access via (1) field account with a password of "*field", (2) guru account with a password of "*3noguru", (3) snmp account with a password of "snmp", or (4) dbase account with a password of "dbase".
CVE-2002-1937 1 Symantec 3 Firewall Vpn Appliance 100, Firewall Vpn Appliance 200, Firewall Vpn Appliance 200r 2026-04-16 N/A
Symantec Firewall/VPN Appliance 100 through 200R hardcodes the administrator's MAC address inside the firewall's configuration, which allows remote attackers to spoof the administrator's MAC address and perform an ARP poisoning man-in-the-middle attack to obtain the administrator's password.
CVE-2002-1938 1 Virgil 1 Cgi Scanner 2026-04-16 N/A
Virgil CGI Scanner 0.9 allows remote attackers to execute arbitrary commands via the (1) tar (TARGET) or (2) zielport (ZIELPORT) parameters.
CVE-2002-1714 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type "text/html" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion.
CVE-2002-1713 1 Mandrakesoft 1 Mandrake Linux 2026-04-16 5.5 Medium
The Standard security setting for Mandrake-Security package (msec) in Mandrake 8.2 installs home directories with world-readable permissions, which could allow local users to read other user's files.