Total
29908 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1662 | 1 Mambo | 1 Mambo Site Server | 2026-06-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other clients via (1) search.php and (2) the "Your name" field during account registration. | |||||
| CVE-2002-1661 | 1 Leafnode | 1 Leafnode | 2026-06-16 | 5.0 MEDIUM | N/A |
| The leafnode server in leafnode 1.9.20 to 1.9.29 allows remote attackers to cause a denial of service (infinite loop) when leafnode requests a cross-posted article to one group whose name is a prefix of another group. | |||||
| CVE-2002-1659 | 1 Iatek | 1 Portalapp | 2026-06-16 | 10.0 HIGH | N/A |
| user_profile.asp in PortalApp 2.2 allows local users to gain privileges by modifying the user_id variable. | |||||
| CVE-2002-1658 | 1 Apache | 1 Http Server | 2026-06-16 | 4.6 MEDIUM | N/A |
| Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability. | |||||
| CVE-2002-1656 | 1 Xqus | 1 X-news | 2026-06-16 | 7.5 HIGH | N/A |
| X-News (x_news) 1.1 and earlier allows attackers to authenticate as other users by obtaining the MD5 checksum of the password, e.g. via sniffing or the users.txt data file, and providing it in a cookie. | |||||
| CVE-2002-1655 | 2 Iplanet, Netscape | 2 Iplanet Web Server, Enterprise Server | 2026-06-16 | 5.0 MEDIUM | N/A |
| The Web Publishing feature in Netscape Enterprise Server 3.x and iPlanet Web Server 4.x allows remote attackers to cause a denial of service (crash) via a wp-html-rend request. | |||||
| CVE-2002-1654 | 2 Iplanet, Netscape | 2 Iplanet Web Server, Enterprise Server | 2026-06-16 | 7.5 HIGH | N/A |
| iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4.0 and 4.1 allows remote attackers to conduct HTTP Basic Authentication via the wp-force-auth Web Publisher command, which provides a distinct attack vector and may make it easier to conduct brute force password guessing without detection. | |||||
| CVE-2002-1653 | 1 Farm9 | 1 Cryptcat | 2026-06-16 | 5.0 MEDIUM | N/A |
| Farm9 Cryptcat, when started in server mode with the -e option, does not enable encryption, which allows clients to communicate without encryption despite intended configuration, and may allow remote attackers to sniff sensitive information. | |||||
| CVE-2002-1652 | 1 Mit | 1 Cgiemail | 2026-06-16 | 7.5 HIGH | N/A |
| Buffer overflow in cgicso.c for cgiemail 1.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long query parameter. | |||||
| CVE-2002-1650 | 1 Squirrelmail | 1 Squirrelmail | 2026-06-16 | 7.5 HIGH | N/A |
| The spell checker plugin (check_me.mod.php) for SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary commands via a modified sqspell_command parameter. | |||||
| CVE-2002-1649 | 1 Squirrelmail | 1 Squirrelmail | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary Javascript via a javascript: URL in an IMG tag. | |||||
| CVE-2002-1648 | 1 Squirrelmail | 1 Squirrelmail | 2026-06-16 | 7.5 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified send_to and subject parameters. | |||||
| CVE-2002-1647 | 1 Slashcode.com | 1 Slash | 2026-06-16 | 5.0 MEDIUM | N/A |
| The quick login feature in Slash Slashcode does not redirect the user to an alternate URL when the wrong password is provided, which makes it easier for remote web sites to guess the proper passwords by reading the username and password from the Referrer URL. | |||||
| CVE-2002-1646 | 1 Ssh | 1 Secure Shell For Servers | 2026-06-16 | 7.5 HIGH | N/A |
| SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote attackers to override the AllowedAuthentications configuration and use less secure authentication schemes (e.g. password) than configured for the server. | |||||
| CVE-2002-1645 | 1 Ssh | 1 Ssh2 | 2026-06-16 | 10.0 HIGH | N/A |
| Buffer overflow in the URL catcher feature for SSH Secure Shell for Workstations client 3.1 to 3.2.0 allows remote attackers to execute arbitrary code via a long URL. | |||||
| CVE-2002-1644 | 1 Ssh | 1 Ssh2 | 2026-06-16 | 7.2 HIGH | N/A |
| SSH Secure Shell for Servers and SSH Secure Shell for Workstations 2.0.13 through 3.2.1, when running without a PTY, does not call setsid to remove the child process from the process group of the parent process, which allows attackers to gain certain privileges. | |||||
| CVE-2002-1643 | 1 Realnetworks | 1 Helix Universal Server | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 (9.0.2.768) allow remote attackers to execute arbitrary code via (1) a long Transport field in a SETUP RTSP request, (2) a DESCRIBE RTSP request with a long URL argument, or (3) two simultaneous HTTP GET requests with long arguments. | |||||
| CVE-2002-1642 | 1 Postgresql | 1 Postgresql | 2026-06-16 | 7.2 HIGH | N/A |
| PostgreSQL 7.2.1 and 7.2.2 allows local users to delete transaction log (pg_clog) data and cause a denial of service (data loss) via the VACUUM command. | |||||
| CVE-2002-1641 | 1 Oracle | 1 Application Server Web Cache | 2026-06-16 | 10.0 HIGH | N/A |
| Multiple buffer overflows in Oracle Web Cache for Oracle 9i Application Server (9iAS) allow remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2002-1640 | 1 Oracle | 1 Configurator | 2026-06-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to inject arbitrary web script or HTML via (1) Text Features in the DHTML UI or (2) the test parameter to the oracle.apps.cz.servlet.UiServlet servlet. | |||||