Total
29796 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2000-0040 | 1 Glftpd | 1 Glftpd | 2025-04-03 | N/A |
| glFtpD allows local users to gain privileges via metacharacters in the SITE ZIPCHK command. | ||||
| CVE-2000-0041 | 1 Apple | 1 Macos | 2025-04-03 | N/A |
| Macintosh systems generate large ICMP datagrams in response to malformed datagrams, allowing them to be used as amplifiers in a flood attack. | ||||
| CVE-2000-0042 | 1 Csm | 1 Mail Server | 2025-04-03 | N/A |
| Buffer overflow in CSM mail server allows remote attackers to cause a denial of service or execute commands via a long HELO command. | ||||
| CVE-2000-0043 | 1 Camshot | 1 Webcam Http Server | 2025-04-03 | N/A |
| Buffer overflow in CamShot WebCam HTTP server allows remote attackers to execute commands via a long GET request. | ||||
| CVE-2002-1447 | 1 Cisco | 1 Vpn Client | 2025-04-03 | N/A |
| Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument. | ||||
| CVE-2002-1449 | 1 Frederic Tyndiuk | 1 Eupload | 2025-04-03 | N/A |
| eUpload 1.0 stores the password.txt password file in plaintext under the web document root, which allows remote attackers to overwrite arbitrary files by reading password.txt. | ||||
| CVE-2002-1450 | 1 Ibm | 1 U2 Universe | 2025-04-03 | N/A |
| IBM UniVerse with UV/ODBC allows attackers to cause a denial of service (client crash or server CPU consumption) via a query with an invalid link between tables, possibly via a buffer overflow. | ||||
| CVE-2002-1451 | 1 Desiderata Software | 1 Blazix | 2025-04-03 | N/A |
| Blazix before 1.2.2 allows remote attackers to read source code of JSP scripts or list restricted web directories via an HTTP request that ends in a (1) "+" or (2) "\" (backslash) character. | ||||
| CVE-2002-1453 | 1 Mywebserver | 1 Mywebserver | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2 allows remote attackers to insert script and HTML via a long request followed by the malicious script, which is echoed back to the user in an error message. | ||||
| CVE-2002-1459 | 1 Leszek Krupinski | 1 L-forum | 2025-04-03 | N/A |
| Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is off, allows remote attackers to insert arbitrary script or HTML via message fields including (1) From, (2) E-Mail, and (3) Subject. | ||||
| CVE-2002-1461 | 1 Webscriptworld | 1 Web Shop Manager | 2025-04-03 | N/A |
| Web Shop Manager 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search box. | ||||
| CVE-2002-1464 | 1 Cafelog | 1 B2 | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool allows remote attackers to insert arbitrary HTML or script via the GPC variable. | ||||
| CVE-2002-1466 | 1 Cafelog | 1 B2 | 2025-04-03 | N/A |
| CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows remote attackers to execute arbitrary PHP code via the b2inc variable. | ||||
| CVE-2002-1470 | 1 Nullsoft | 1 Shoutcast Server | 2025-04-03 | N/A |
| SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext administrative password via a GET request to port 8001, which causes the password to be logged in the world-readable sc_serv.log file. | ||||
| CVE-2002-1493 | 1 Lycos | 1 Htmlgear Guestgear | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Lycos HTMLGear guestbook allows remote attackers to inject arbitrary script via (1) STYLE attributes or (2) SRC attributes in an IMG tag. | ||||
| CVE-2002-1480 | 1 Phpgb | 1 Phpgb | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows remote attackers to inject arbitrary HTML or script into guestbook pages, which is executed when the administrator deletes the entry. | ||||
| CVE-2002-1481 | 1 Phpgb | 1 Phpgb | 2025-04-03 | N/A |
| savesettings.php in phpGB 1.20 and earlier does not require authentication, which allows remote attackers to cause a denial of service or execute arbitrary PHP code by using savesettings.php to modify config.php. | ||||
| CVE-2002-1482 | 1 Phpgb | 1 Phpgb | 2025-04-03 | N/A |
| SQL injection vulnerability in login.php for phpGB 1.20 and earlier, when magic_quotes_gpc is not enabled, allows remote attackers to gain administrative privileges via SQL code in the password entry. | ||||
| CVE-2002-1483 | 1 Db4web | 1 Db4web | 2025-04-03 | N/A |
| db4web_c and db4web_c.exe programs in DB4Web 3.4 and 3.6 allow remote attackers to read arbitrary files via an HTTP request whose argument is a filename of the form (1) C: (drive letter), (2) //absolute/path (double-slash), or (3) .. (dot-dot). | ||||
| CVE-2002-1489 | 1 Planetdns | 1 Planetweb | 2025-04-03 | N/A |
| Buffer overflow in PlanetDNS PlanetWeb 1.14 and earlier allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long URL or (2) a request with a long method name. | ||||