Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-0169 1 Redhat 3 Docbook Stylesheets, Docbook Utils, Linux 2026-04-16 N/A
The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is installed with an insecure option enabled, which could allow users to overwrite files outside of the current directory from an untrusted document by using a full pathname as an element identifier.
CVE-2002-0171 1 Sgi 1 Irisconsole 2026-04-16 N/A
IRISconsole 2.0 may allow users to log into the icadmin account with an incorrect password in some circumstances, which could allow users to gain privileges.
CVE-2002-0177 2 Icecast, Redhat 2 Icecast, Powertools 2026-04-16 N/A
Buffer overflows in icecast 1.3.11 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request from an MP3 client.
CVE-2003-0771 1 Apache Gallery 1 Apache Gallery 2026-04-16 N/A
Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
CVE-2002-0226 1 Dcscripts 1 Dcforum 2026-04-16 N/A
retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID, which allows remote attackers to request a new password on behalf of another user and use the sessionID to calculate the new password for that user.
CVE-2002-0234 1 Juniper 1 Netscreen Screenos 2026-04-16 N/A
NetScreen ScreenOS before 2.6.1 does not support a maximum number of concurrent sessions for a system, which allows an attacker on the trusted network to cause a denial of service (resource exhaustion) via a port scan to an external network, which consumes all available connections.
CVE-2006-0765 1 Mirabilis 2 Icq, Icq Lite 2026-04-16 N/A
GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions, bypass Windows security warnings via a filename that is all uppercase and of a specific length, which truncates the malicious extension from the display and could trick a user into executing arbitrary programs.
CVE-2002-0244 1 Atheos 1 Atheos 2026-04-16 N/A
Directory traversal vulnerability in chroot function in AtheOS 0.3.7 allows attackers to escape the jail via a .. (dot dot) in the pathname argument to chdir.
CVE-2006-0767 1 Nathan Neulinger 1 Cgiwrap 2026-04-16 N/A
CGIWrap before 3.10 allows remote attackers to obtain sensitive information via unknown attack vectors that cause errors in scripts that reveal system information.
CVE-2002-0248 1 Wliang 1 Wmtv 2026-04-16 N/A
wmtv 0.6.5 and earlier allows local users to modify arbitrary files via a symlink attack on a configuration file.
CVE-2002-0251 1 Licq 1 Licq 2026-04-16 N/A
Buffer overflow in licq 1.0.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string of format string characters such as "%d".
CVE-2002-0255 1 Arescom 1 Netdsl 2026-04-16 N/A
The default configuration of Arescom NetDSL 800 does not require authentication, which allows remote attackers to cause a denial of service or reconfigure the router.
CVE-2006-0770 1 Mybulletinboard 1 Mybulletinboard 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletinBoard (MyBB) 1.0.4 allows remote attackers to inject arbitrary web script or HTML via a URL that is not sanitized before being returned as a link in "advanced details". NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2002-0259 1 Instantservers Inc. 1 Miniportal 2026-04-16 N/A
InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
CVE-2002-0266 1 Thunderstone Software 1 Texis 2026-04-16 N/A
Thunderstone Texis CGI script allows remote attackers to obtain the full path of the web root via a request for a nonexistent file, which generates an error message that includes the full pathname.
CVE-2006-1473 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Integer overflow in AFP Server for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors.
CVE-2002-0281 1 Codeworx Technologies 1 Dcp-portal 2026-04-16 N/A
Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier allows remote attackers to gain privileges of other portal users by providing Javascript in the job information field to user_update.php.
CVE-2002-0292 1 Open Source Development Network 1 Slashcode 2026-04-16 N/A
Cross-site scripting vulnerability in Slash before 2.2.5, as used in Slashcode and elsewhere, allows remote attackers to steal cookies and authentication information from other users via Javascript in a URL, possibly in the formkey field.
CVE-2006-4122 1 Simple One-file Guestbook 1 Simple One-file Guestbook 2026-04-16 N/A
Simple one-file guestbook 1.0 and earlier allows remote attackers to bypass authentication and delete guestbook entries via a modified id parameter to guestbook.php.
CVE-2003-0990 1 Squirrelmail 2 Gpg Plugin, Squirrelmail 2026-04-16 N/A
The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the "To:" field.