Search Results (362116 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-1435 1 Achievo 1 Achievo 2026-04-16 N/A
class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0.8.2, allows remote attackers to execute arbitrary PHP code when the 'allow_url_fopen' setting is enabled via a URL in the config_atkroot parameter that points to the code.
CVE-2004-1602 1 Proftpd 1 Proftpd 2026-04-16 N/A
ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.
CVE-2005-0068 1 Tcp 1 Tcp 2026-04-16 N/A
The original design of ICMP does not require authentication for host-generated ICMP error messages, which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) blind connection-reset attacks with forged "Destination Unreachable" messages, (2) blind throughput-reduction attacks with forged "Source Quench" messages, or (3) blind throughput-reduction attacks with forged ICMP messages that cause the Path MTU to be reduced. NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
CVE-2005-2688 1 Savewebportal 1 Savewebportal 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in SaveWebPortal 3.4 allow remote attackers to inject arbitrary web script or HTML via a large number of parameters to (1) footer.php, (2) header.php, (3) menu_dx.php, or (4) menu_sx.php, or Javascript code in the (5) HTTP_REFERER (referer) or (6) HTTP_USER_AGENT (user agent) fields.
CVE-2002-1436 1 Novell 1 Netware 2026-04-16 N/A
The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary Perl code via an HTTP POST request.
CVE-2005-0074 1 Xpcd 1 Xpcd 2026-04-16 N/A
Buffer overflow in pcdsvgaview in xpcd 2.08 allows local users to execute arbitrary code.
CVE-2005-2691 1 Runcms 1 Runcms 2026-04-16 N/A
includes/common.php in RunCMS 1.2 and earlier calls the extract function with EXTR_OVERWRITE on HTTP POST variables, which allows remote attackers to overwrite arbitrary variables, possibly allowing execution of arbitrary code.
CVE-2002-1439 1 Hp 2 Virtualvault, Vvos 2026-04-16 N/A
Unknown vulnerability related to stack corruption in the TGA daemon for HP-UX 11.04 (VVOS) Virtualvault 4.0, 4.5, and 4.6 may allow attackers to obtain access to system files.
CVE-2002-1440 1 Gateway 1 Gs-400 2026-04-16 N/A
The Gateway GS-400 server has a default root password of "0001n" that can not be changed via the administrative interface, which can allow attackers to gain root privileges.
CVE-2005-0082 1 Mysql 1 Maxdb 2026-04-16 N/A
The sapdbwa_GetUserData function in MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote attackers to cause a denial of service (crash) via invalid parameters to the WebDAV handler code, which triggers a null dereference that causes the SAP DB Web Agent to crash.
CVE-2002-1441 1 Tomahawk Technologies 1 Steelarrow 2026-04-16 N/A
Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow remote attackers to execute arbitrary code via (1) the Steelarrow Service (Steelarrow.exe) using a long UserIdent Cookie header, (2) DLLHOST.EXE (Steelarrow.dll) via a request for a long .aro file, or (3) DLLHOST.EXE via a Chunked Transfer-Encoding request.
CVE-2002-1444 2 Google, Microsoft 2 Toolbar, Internet Explorer 2026-04-16 N/A
The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and 6.0, allows remote attackers to cause a denial of service (crash with an exception in oleaut32.dll) via malicious HTML, possibly related to small width and height parameters or an incorrect call to the Google.Search() function.
CVE-2002-1445 1 W3c 1 Cern Httpd 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows remote attackers to execute script as other users via a link to a non-existent page whose name contains the script, which is inserted into the resulting error page.
CVE-2004-0690 1 Kde 1 Kde 2026-04-16 N/A
The DCOPServer in KDE 3.2.3 and earlier allows local users to gain unauthorized access via a symlink attack on DCOP files in the /tmp directory.
CVE-2005-2915 1 Linksys 1 Wrt54g 2026-04-16 N/A
ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, uses weak encryption (XOR encoding with a fixed byte mask) for configuration information, which could allow attackers to decrypt the information and possibly re-encrypt it in conjunction with CVE-2005-2914.
CVE-2002-1451 1 Desiderata Software 1 Blazix 2026-04-16 N/A
Blazix before 1.2.2 allows remote attackers to read source code of JSP scripts or list restricted web directories via an HTTP request that ends in a (1) "+" or (2) "\" (backslash) character.
CVE-2002-1453 1 Mywebserver 1 Mywebserver 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2 allows remote attackers to insert script and HTML via a long request followed by the malicious script, which is echoed back to the user in an error message.
CVE-2002-1454 1 Mywebserver 1 Mywebserver 2026-04-16 N/A
MyWebServer 1.0.2 allows remote attackers to determine the absolute path of the web document root via a request for a directory that does not exist, which leaks the pathname in an error message.
CVE-2002-1455 1 Omnicron 1 Omnihttpd 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in OmniHTTPd allow remote attackers to insert script or HTML into web pages via (1) test.php, (2) test.shtml, or (3) redir.exe.
CVE-2002-1461 1 Webscriptworld 1 Web Shop Manager 2026-04-16 N/A
Web Shop Manager 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search box.