LiveActive security incident?Get immediate response
CVE archive

May 2002

Browse CVE records published in May 2002, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 48 of 148 matching CVEs · Page 3 of 3.

Unknown · CVSS Not scored

CVE-2002-0270: Opera, when configured with the "Determine action by MIME type" option disabled, interprets an object as an...

Opera, when configured with the "Determine action by MIME type" option disabled, interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks.

Published May 3, 2002 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2002-0253: PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers to obt...

PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the include directive to fail, and produces an error message that contains the path.

Published May 3, 2002 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2002-0257: Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to...

Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4.

Published May 3, 2002 · Updated Aug 8, 2024