Explore CVEs related to Input Validation vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.
Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.
You're viewing Input Validation CVEs published in 2002. View full CVE list
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2002-2423 | Sendmail 8.12.0 through 8.12.6 truncates log messages longer than 100 characters, which allows remote attackers to prevent the IP address from being logged via a long IDENT response. | 6.4 | 0.27% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2421 | acWEB 1.14 allows remote attackers to cause a denial of service (crash) via an HTTP request for a MS-DOS device name such as COM2. | 7.8 | 0.46% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2420 | site_searcher.cgi in Super Site Searcher allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter. | 7.5 | 8.75% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2415 | Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote authenticated users to cause a denial of service in the management interface via a stream of zero (null) bytes sent via UDP to a running service. | 6.8 | 0.85% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2406 | Buffer overflow in HTTP server in LiteServe 2.0, 2.0.1 and 2.0.2 allows remote attackers to cause a denial of service (hang) via a large number of percent characters (%) in an HTTP GET request. | 5.0 | 1.59% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2393 | Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections while validating user folder access rights, which allows remote attackers to cause a denial of service (no new connections) via a series of MKD commands. | 5.0 | 7.29% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2371 | Linksys WET11 firmware 1.31 and 1.32 allows remote attackers to cause a denial of service (crash) via a packet containing the device's hardware address as the source MAC address in the DLC header. | 7.8 | 1.00% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2365 | Simple WAIS (SWAIS) 1.11 allows remote attackers to execute arbitrary commands via the shell metacharacters in the search field, as demonstrated using the "|" (pipe) character. | 10.0 | 1.94% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2354 | Netgear FM114P firmware 1.3 wireless firewall allows remote attackers to cause a denial of service (crash or hang) via a large number of TCP connection requests. | 7.8 | 0.98% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2338 | The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message. | 5.0 | 7.42% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2329 | ICQ client 2001b, 2002a and 2002b allows remote attackers to cause a denial of service (CPU consumption or crash) via a message with a large number of emoticons. | 7.8 | 1.00% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2328 | Active Directory in Windows 2000, when supporting Kerberos V authentication and GSSAPI, allows remote attackers to cause a denial of service (hang) via an LDAP client that sets the page length to zero during a large request. | 7.1 | 37.66% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2325 | The c-client library in Internet Message Access Protocol (IMAP) dated before 2002 RC2, as used by Pine 4.20 through 4.44, allows remote attackers to cause a denial of service (client crash) via a MIME-encoded email with Content-Type header containing an empty boundary field. | 7.8 | 6.26% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2322 | Ultimate PHP Board (UPB) 1.0b stores the users.dat data file under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords. | 5.0 | 0.48% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2314 | Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail. | 5.0 | 13.17% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2239 | The Cisco Optical Service Module (OSM) for the Catalyst 6500 and 7600 series running Cisco IOS 12.1(8)E through 12.1(13.4)E allows remote attackers to cause a denial of service (hang) via a malformed packet. | 7.8 | 0.71% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2237 | tftp32 TFTP server 2.21 and earlier allows remote attackers to cause a denial of service via a GET request with a DOS device name such as com1 or aux. | 5.0 | 1.80% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2236 | Format string vulnerability in the awp_log function in apt-www-proxy 0.1 allows remote attackers to execute arbitrary code. | 10.0 | 4.29% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2228 | MailScanner before 4.0 5-1 and before 3.2 6-1 allows remote attackers to bypass protection via attachments with a filename with (1) extra leading spaces, (2) extra trailing spaces, or (3) alternate character encodings that cannot be processed by MailScanner. | 6.4 | 0.23% | 2002-12-31 | 2026-04-16 |
| CVE-2002-1979 | WatchGuard SOHO products running firmware 5.1.6 and earlier, and Vclass/RSSA using 3.2 SP1 and earlier, allows remote attackers to bypass firewall rules by sending a PASV command string as the argument of another command to an FTP server, which generates a response that contains the string, causing IPFilter to treat the response as if it were a legitimate PASV command from the server. | 7.5 | 0.22% | 2002-12-31 | 2026-04-16 |