Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29911 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2002-0734 1 Michel Valdrighi 1 B2 2026-06-16 7.5 HIGH N/A
b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly load the b2config.php file in some configurations, which allows remote attackers to execute arbitrary PHP code via a URL that sets the $b2inc variable to point to a malicious program stored on a remote server.
CVE-2002-0733 1 Acme Labs 1 Thttpd 2026-06-16 7.5 HIGH N/A
Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message.
CVE-2002-0732 1 Levcgi.com 1 Myguestbook 2026-06-16 7.5 HIGH N/A
Cross-site scripting vulnerability in MyGuestbook 1.0 allows remote attackers to execute arbitrary script or inject HTML via fields such as (1) user name or (2) comments.
CVE-2002-0731 1 Vqsoft 1 Vqserver 2026-06-16 7.5 HIGH N/A
Cross-site scripting vulnerability in demonstration scripts for vqServer allows remote attackers to execute arbitrary script via a link that contains the script in arguments to demo scripts such as respond.pl.
CVE-2002-0730 1 Philip Chinery 1 Philip Chinerys Guestbook 2026-06-16 7.5 HIGH N/A
Cross-site scripting vulnerability in guestbook.pl for Philip Chinery's Guestbook 1.1 allows remote attackers to execute Javascript or HTML via fields such as (1) Name, (2) EMail, or (3) Homepage.
CVE-2002-0729 1 Microsoft 1 Sql Server 2026-06-16 5.0 MEDIUM N/A
Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator.
CVE-2002-0728 1 Greg Roelofs 1 Libpng 2026-06-16 5.0 MEDIUM N/A
Buffer overflow in the progressive reader for libpng 1.2.x before 1.2.4, and 1.0.x before 1.0.14, allows attackers to cause a denial of service (crash) via a PNG data stream that has more IDAT data than indicated by the IHDR chunk.
CVE-2002-0727 1 Microsoft 2 Office Web Components, Project 2026-06-16 7.5 HIGH N/A
The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method.
CVE-2002-0726 1 Microsoft 1 Tsac Activex Control 2026-06-16 7.5 HIGH N/A
Buffer overflow in Microsoft Terminal Services Advanced Client (TSAC) ActiveX control allows remote attackers to execute arbitrary code via a long server name field.
CVE-2002-0724 1 Microsoft 3 Windows 2000, Windows Nt, Windows Xp 2026-06-16 7.5 HIGH N/A
Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service".
CVE-2002-0723 1 Microsoft 1 Internet Explorer 2026-06-16 7.5 HIGH N/A
Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the domain of a frame within a browser window, which allows remote attackers to read client files or invoke executable objects via the Object tag, aka "Cross Domain Verification in Object Tag."
CVE-2002-0722 1 Microsoft 1 Internet Explorer 2026-06-16 7.5 HIGH N/A
Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to misrepresent the source of a file in the File Download dialogue box to trick users into thinking that the file type is safe to download, aka "File Origin Spoofing."
CVE-2002-0721 1 Microsoft 2 Data Engine, Sql Server 2026-06-16 10.0 HIGH N/A
Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.
CVE-2002-0720 1 Microsoft 2 Windows 2000, Windows 2000 Terminal Services 2026-06-16 7.2 HIGH N/A
A handler routine for the Network Connection Manager (NCM) in Windows 2000 allows local users to gain privileges via a complex attack that causes the handler to run in the LocalSystem context with user-specified code.
CVE-2002-0719 1 Microsoft 1 Content Management Server 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the function that services for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary commands via an MCMS resource request for image files or other files.
CVE-2002-0718 1 Microsoft 1 Content Management Server 2026-06-16 7.5 HIGH N/A
Web authoring command in Microsoft Content Management Server (MCMS) 2001 allows attackers to authenticate and upload executable content, by modifying the upload location, aka "Program Execution via MCMS Authoring Function."
CVE-2002-0717 1 Php 1 Php 2026-06-16 7.5 HIGH N/A
PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP POST request with certain arguments in a multipart/form-data form, which generates an error condition that is not properly handled and causes improper memory to be freed.
CVE-2002-0716 1 Sco 1 Openserver 2026-06-16 7.2 HIGH N/A
Format string vulnerability in crontab for SCO OpenServer 5.0.5 and 5.0.6 allows local users to gain privileges via format string specifiers in the file name argument.
CVE-2002-0715 1 Squid 1 Squid 2026-06-16 5.0 MEDIUM N/A
Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user's proxy login and password.
CVE-2002-0714 1 Squid 1 Squid 2026-06-16 7.5 HIGH N/A
FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses.