CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2002-2423 Sendmail 8.12.0 through 8.12.6 truncates log messages longer than 100 characters, which allows remote attackers to prevent the IP address from being logged via a long IDENT response. | N/A | NONE | — | 0 |
| CVE-2002-2424 Cross-site scripting (XSS) vulnerability in PHP(Reactor) 1.2.7 pl1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the style attribute of an HTML tag. | N/A | NONE | — | 0 |
| CVE-2002-2425 Sun AnswerBook2 1.2 through 1.4.2 allows remote attackers to execute administrative scripts such as (1) AdminViewError and (2) AdminAddadmin via a direct request. | N/A | NONE | — | 0 |
| CVE-2002-2426 Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute a... | N/A | NONE | — | 0 |
| CVE-2002-1378 Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allow remote attackers to execute arbitrary code via (1) long -t or -r parameters to slurpd, (2) a malicious ldapfilter.conf file ... | N/A | NONE | — | 0 |
| CVE-2002-1379 OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local attackers to execute arbitrary code when libldap reads the .ldaprc file within applications that are running with extra privileges. | N/A | NONE | — | 0 |
| CVE-2002-1384 Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as d... | N/A | NONE | — | 0 |
| CVE-2002-1386 Buffer overflow in traceroute-nanog (aka traceroute-ng) may allow local users to execute arbitrary code via a long hostname argument. | N/A | NONE | — | 0 |
| CVE-2002-1387 The spray mode in traceroute-nanog (aka traceroute-ng) may allow local users to overwrite arbitrary memory locations via an array index overflow using the nprobes (number of probes) argument. | N/A | NONE | — | 0 |
| CVE-2002-1388 Cross-site scripting (XSS) vulnerability in MHonArc before 2.5.14 allows remote attackers to inject arbitrary HTML into web archive pages via HTML mail messages. | N/A | NONE | — | 0 |
| CVE-2002-1389 Buffer overflow in typespeed 0.4.2 and earlier allows local users to gain privileges via long input. | N/A | NONE | — | 0 |
| CVE-2003-1071 rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users to send messages to logged on users that appear to come from arbitrary user IDs by closing stderr before executing wall, then suppl... | N/A | NONE | — | 0 |
| CVE-2002-0626 Polycom ViewStation before 7.2.4 has a default null password for the administrator account, which allows arbitrary users to conduct unauthorized activities. | N/A | NONE | — | 0 |
| CVE-2002-0627 The Web server for Polycom ViewStation before 7.2.4 allows remote attackers to bypass authentication and read files via Unicode encoded requests. | N/A | NONE | — | 0 |
| CVE-2002-0628 The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login attempts, which makes it easier for remote attackers to guess usernames and passwords via a brute f... | 7.5 | HIGH | — | 0 |
| CVE-2002-0629 The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via multiple connections to the server. | N/A | NONE | — | 0 |
| CVE-2002-0630 The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via long or malformed ICMP packets. | N/A | NONE | — | 0 |
| CVE-2003-0014 gsinterf.c in bmv 1.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files. | N/A | NONE | — | 0 |
| CVE-2002-1390 The daemon for GeneWeb before 4.09 does not properly handle requested paths, which allows remote attackers to read arbitrary files via a crafted URL. | N/A | NONE | — | 0 |
| CVE-2025-24643 Missing Authorization vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPGuppy: from n/a thro... | 6.5 | MEDIUM | — | 0 |
| CVE-2002-1391 Buffer overflow in cnd-program for mgetty before 1.1.29 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Caller ID string with a long CallerName argument. | N/A | NONE | — | 0 |
| CVE-2002-1392 faxspool in mgetty before 1.1.29 uses a world-writable spool directory for outgoing faxes, which allows local users to modify fax transmission privileges. | N/A | NONE | — | 0 |
| CVE-2002-1393 Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not quote certain parameters that are inserted into a shell command, which could allow remote attackers to execute arbitrary commands via... | N/A | NONE | — | 0 |
| CVE-2002-1394 Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of C... | N/A | NONE | — | 0 |
| CVE-2002-1395 Internet Message (IM) 141-18 and earlier uses predictable file and directory names, which allows local users to (1) obtain unauthorized directory permissions via a temporary directory used by impwagen... | N/A | NONE | — | 0 |
| CVE-2002-1396 Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of service or execute arbitrary code. | N/A | NONE | — | 0 |
| CVE-2002-1397 Vulnerability in the cash_words() function for PostgreSQL 7.2 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a large negative argument, possibly tr... | N/A | NONE | — | 0 |
| CVE-2002-1398 Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows attackers to cause a denial of service and possibly execute arbitrary code via a long date string, aka a vulnerability "in handlin... | N/A | NONE | — | 0 |
| CVE-2002-1399 Unknown vulnerability in cash_out and possibly other functions in PostgreSQL 7.2.1 and earlier, and possibly later versions before 7.2.3, with unknown impact, based on an invalid integer input which i... | N/A | NONE | — | 0 |
| CVE-2002-1400 Heap-based buffer overflow in the repeat() function for PostgreSQL before 7.2.2 allows attackers to execute arbitrary code by causing repeat() to generate a large string. | N/A | NONE | — | 0 |
| CVE-2002-1401 Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add (also incorrectly identified as path_addr) for PostgreSQL 7.2.3 and earlier allow attackers to cause a denial of service and possi... | N/A | NONE | — | 0 |
| CVE-2002-1402 Buffer overflows in the (1) TZ and (2) SET TIME ZONE enivronment variables for PostgreSQL 7.2.1 and earlier allow local users to cause a denial of service and possibly execute arbitrary code. | N/A | NONE | — | 0 |
| CVE-2002-1403 dhcpcd DHCP client daemon 1.3.22 and earlier allows local users to execute arbitrary code via shell metacharacters that are fed from a dhcpd .info script into a .exe script. | N/A | NONE | — | 0 |
| CVE-2003-0001 Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using mal... | N/A | NONE | — | 0 |
| CVE-2005-4787 Turnkey Web Tools SunShop Shopping Cart allows remote attackers to obtain sensitive information via a phpinfo action to (1) index.php, (2) admin/index.php, and (3) admin/adminindex.php, which executes... | N/A | NONE | — | 0 |
| CVE-2024-49247 Authentication Bypass Using an Alternate Path or Channel vulnerability in SK BuddyPress Better Registration better-bp-registration allows Authentication Bypass.This issue affects BuddyPress Better Reg... | 9.8 | CRITICAL | — | 0 |
| CVE-2003-0012 The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 sets world-writable permissions for the data/mining directory when it runs, which allows lo... | N/A | NONE | — | 0 |
| CVE-2003-0013 The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames for backup copies of the localconfig file that are made from ed... | N/A | NONE | — | 0 |
| CVE-2003-0025 Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as c... | N/A | NONE | — | 0 |
| CVE-2003-0026 Multiple stack-based buffer overflows in the error handling routines of the minires library, as used in the NSUPDATE capability for ISC DHCPD 3.0 through 3.0.1RC10, allow remote attackers to execute a... | N/A | NONE | — | 0 |
| CVE-2003-0031 Multiple buffer overflows in libmcrypt before 2.5.5 allow attackers to cause a denial of service (crash). | N/A | NONE | — | 0 |
| CVE-2003-0032 Memory leak in libmcrypt before 2.5.5 allows attackers to cause a denial of service (memory exhaustion) via a large number of requests to the application, which causes libmcrypt to dynamically load al... | N/A | NONE | — | 0 |
| CVE-2003-1075 Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (temporary FTP server hang), which affects other active mode FTP client... | N/A | NONE | — | 0 |
| CVE-2003-1090 Buffer overflow in AbsoluteTelnet before 2.12 RC10 allows remote attackers to execute arbitrary code via a long window title. | N/A | NONE | — | 0 |
| CVE-2005-4788 resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, allows local users to bypass access control rules for USB devices via "alternate syntax for specifying USB devices." | N/A | NONE | — | 0 |
| CVE-2002-1252 The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as used in various PeopleSoft products, allows remote attackers to read arbitrary files via certain XML External Entities (XXE) fiel... | N/A | NONE | — | 0 |
| CVE-2003-0002 Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary script via the REASONTXT parameter. | N/A | NONE | — | 0 |
| CVE-2003-0003 Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC ca... | N/A | NONE | — | 0 |
| CVE-2003-0007 Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how ... | N/A | NONE | — | 0 |
| CVE-2003-0015 Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypas... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.