Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29911 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2002-0407 1 Lotus 1 Domino 2026-06-16 5.0 MEDIUM N/A
htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message.
CVE-2002-0406 1 Menasoft 1 Sphereserver 2026-06-16 5.0 MEDIUM N/A
Menasoft SPHERE server 0.99x and 0.5x allows remote attackers to cause a denial of service by establishing a large number of connections to the server without providing login credentials, which prevents other users from being able to log in.
CVE-2002-0405 1 Transsoft 1 Broker Ftp Server 2026-06-16 10.0 HIGH N/A
Buffer overflow in Transsoft Broker FTP Server 5.0 evaluation allows remote attackers to cause a denial of service and possibly execute arbitrary code via a CWD command with a large number of . (dot) characters.
CVE-2002-0404 1 Ethereal Group 1 Ethereal 2026-06-16 5.0 MEDIUM N/A
Vulnerability in GIOP dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (memory consumption).
CVE-2002-0403 1 Ethereal Group 1 Ethereal 2026-06-16 5.0 MEDIUM N/A
DNS dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet that causes Ethereal to enter an infinite loop.
CVE-2002-0402 1 Ethereal Group 1 Ethereal 2026-06-16 7.5 HIGH N/A
Buffer overflow in X11 dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code while Ethereal is parsing keysyms.
CVE-2002-0400 1 Isc 1 Bind 2026-06-16 5.0 MEDIUM N/A
ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, aka DoS_findtype.
CVE-2002-0399 1 Gnu 1 Tar 2026-06-16 5.0 MEDIUM N/A
Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267.
CVE-2002-0398 1 Red-m 1 1050ap Lan Acess Point 2026-06-16 10.0 HIGH N/A
Red-M 1050 (Bluetooth Access Point) PPP server allows bonded users to cause a denial of service and possibly execute arbitrary code via a long user name.
CVE-2002-0397 1 Red-m 1 1050ap Lan Acess Point 2026-06-16 5.0 MEDIUM N/A
Red-M 1050 (Bluetooth Access Point) publicizes its name, IP address, and other information in UDP packets to a broadcast address, which allows any system on the network to obtain potentially sensitive information about the Access Point device by monitoring UDP port 8887.
CVE-2002-0396 1 Red-m 1 1050ap Lan Acess Point 2026-06-16 7.5 HIGH N/A
The web management server for Red-M 1050 (Bluetooth Access Point) does not use session-based credentials to authenticate users, which allows attackers to connect to the server from the same IP address as a user who has already established a session.
CVE-2002-0395 1 Red-m 1 1050ap Lan Acess Point 2026-06-16 10.0 HIGH N/A
The TFTP server for Red-M 1050 (Bluetooth Access Point) can not be disabled and makes it easier for remote attackers to crack the administration password via brute force methods.
CVE-2002-0394 1 Red-m 1 1050ap Lan Acess Point 2026-06-16 10.0 HIGH N/A
Red-M 1050 (Bluetooth Access Point) uses case insensitive passwords, which makes it easier for attackers to conduct a brute force guessing attack due to the smaller space of possible passwords.
CVE-2002-0393 1 Red-m 1 1050ap Lan Acess Point 2026-06-16 10.0 HIGH N/A
Buffer overflow in Red-M 1050 (Bluetooth Access Point) management web interface allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long administration password.
CVE-2002-0389 1 Gnu 1 Mailman 2026-06-16 2.1 LOW N/A
Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives.
CVE-2002-0388 1 Gnu 1 Mailman 2026-06-16 7.5 HIGH N/A
Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries.
CVE-2002-0387 1 Sun 1 One Application Server 2026-06-16 7.5 HIGH N/A
Buffer overflow in gxnsapi6.dll NSAPI plugin of the Connector Module for Sun ONE Application Server before 6.5 allows remote attackers to execute arbitrary code via a long HTTP request URL.
CVE-2002-0386 1 Oracle 1 Application Server 2026-06-16 5.0 MEDIUM N/A
The administration module for Oracle Web Cache in Oracle9iAS (9i Application Suite) 9.0.2 allows remote attackers to cause a denial of service (crash) via (1) an HTTP GET request containing a ".." (dot dot) sequence, or (2) a malformed HTTP GET request with a chunked Transfer-Encoding with missing data.
CVE-2002-0385 1 Vignette 2 Storyserver, Vignette 2026-06-16 5.0 MEDIUM N/A
Vignette Story Server 4.1 and 6.0 allows remote attackers to obtain sensitive information via a request that contains a large number of '"' (double quote) and and '>' characters, which causes the TCL interpreter to crash and include stack data in the output.
CVE-2002-0384 1 Rob Flynn 1 Gaim 2026-06-16 7.5 HIGH N/A
Buffer overflow in Jabber plug-in for Gaim client before 0.58 allows remote attackers to execute arbitrary code.