Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29911 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2002-0578 1 Aci 1 4d Webserver 2026-06-16 7.5 HIGH N/A
Buffer overflow in 4D WebServer 6.7.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP request with Basic Authentication containing a long (1) user name or (2) password.
CVE-2002-0577 1 Hp 1 Hp-ux 2026-06-16 2.1 LOW N/A
Vulnerability in passwd for HP-UX 11.00 and 11.11 allows local users to corrupt the password file and cause a denial of service.
CVE-2002-0576 1 Allaire 1 Coldfusion Server 2026-06-16 5.0 MEDIUM N/A
ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message.
CVE-2002-0575 1 Openbsd 1 Openssh 2026-06-16 7.5 HIGH N/A
Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing enabled, allows remote and local authenticated users to gain privileges.
CVE-2002-0573 1 Sun 2 Solaris, Sunos 2026-06-16 7.5 HIGH N/A
Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary code via format strings in a message that is not properly provided to the syslog function when the wall command cannot be executed.
CVE-2002-0572 3 Freebsd, Openbsd, Sun 4 Freebsd, Openbsd, Solaris and 1 more 2026-06-16 7.2 HIGH N/A
FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to perform I/O on normal files.
CVE-2002-0571 1 Oracle 1 Oracle9i 2026-06-16 7.5 HIGH N/A
Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax.
CVE-2002-0570 1 Linux 1 Linux Kernel 2026-06-16 2.1 LOW N/A
The encrypted loop device in Linux kernel 2.4.10 and earlier does not authenticate the entity that is encrypting data, which allows local users to modify encrypted data without knowing the key.
CVE-2002-0569 1 Oracle 1 Application Server 2026-06-16 7.5 HIGH N/A
Oracle 9i Application Server allows remote attackers to bypass access restrictions for configuration files via a direct request to the XSQL Servlet (XSQLServlet).
CVE-2002-0568 1 Oracle 3 Application Server, Oracle8i, Oracle9i 2026-06-16 2.1 LOW N/A
Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory.
CVE-2002-0567 1 Oracle 3 Database Server, Oracle8i, Oracle9i 2026-06-16 7.5 HIGH N/A
Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process.
CVE-2002-0566 1 Oracle 4 Application Server, Application Server Web Cache, Oracle8i and 1 more 2026-06-16 5.0 MEDIUM N/A
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type.
CVE-2002-0565 1 Oracle 3 Application Server, Application Server Web Cache, Oracle9i 2026-06-16 5.0 MEDIUM N/A
Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with world-readable permissions under the web root, which allows remote attackers to obtain sensitive information derived from the JSP code, including usernames and passwords, via a direct HTTP request to _pages.
CVE-2002-0564 1 Oracle 4 Application Server, Application Server Web Cache, Oracle8i and 1 more 2026-06-16 7.5 HIGH N/A
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials.
CVE-2002-0562 1 Oracle 3 Application Server, Application Server Web Cache, Oracle9i 2026-06-16 5.0 MEDIUM N/A
The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa.
CVE-2002-0561 1 Oracle 4 Application Server, Application Server Web Cache, Oracle8i and 1 more 2026-06-16 7.5 HIGH N/A
The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings.
CVE-2002-0560 1 Oracle 4 Application Server, Application Server Web Cache, Oracle8i and 1 more 2026-06-16 5.0 MEDIUM N/A
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL stored procedures (1) OWA_UTIL.signature, (2) OWA_UTIL.listprint, or (3) OWA_UTIL.show_query_columns.
CVE-2002-0559 1 Oracle 4 Application Server, Application Server Web Cache, Oracle8i and 1 more 2026-06-16 7.5 HIGH N/A
Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the plsql module, (3) a long password in the HTTP Authorization, (4) a long Access Descriptor (DAD) password in the addadd form, or (5) a long cache directory name.
CVE-2002-0558 1 Typsoft 1 Typsoft Ftp Server 2026-06-16 5.0 MEDIUM N/A
Directory traversal vulnerability in TYPSoft FTP server 0.97.1 and earlier allows a remote authenticated user (possibly anonymous) to list arbitrary directories via a .. in a LIST (ls) command ending in wildcard *.* characters.
CVE-2002-0557 1 Openbsd 1 Openbsd 2026-06-16 7.5 HIGH N/A
Vulnerability in OpenBSD 3.0, when using YP with netgroups in the password database, causes (1) rexec or (2) rsh to run another user's shell, or (3) atrun to change to a different user's directory, possibly due to memory allocation failures or an incorrect call to auth_approval().