Export limit exceeded: 349437 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29913 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-1794 | 1 Hp | 2 Hp-ux, Ldap-ux Integration | 2026-04-16 | N/A |
| Unknown vulnerability in pam_authz in the LDAP-UX Integration product on HP-UX 11.00 and 11.11 allows remote attackers to execute r-commands with privileges of other users. | ||||
| CVE-2006-4480 | 1 Nuked-klan | 1 Nuked-klan | 2026-04-16 | N/A |
| Incomplete blacklist vulnerability in the nk_CSS function in nuked.php in Nuked-Klan 1.7 SP4.3 allows remote attackers to bypass anti-XSS features and inject arbitrary web script or HTML via JavaScript in an attribute value that is not in the blacklist, as demonstrated using the STYLE attribute of a B element. | ||||
| CVE-2002-1797 | 1 Hp | 1 Chaivm | 2026-04-16 | N/A |
| ChaiVM for HP color LaserJet 4500 and 4550 or HP LaserJet 4100 and 8150 does not properly enforce access control restrictions, which could allow local users to add, delete, or modify any services hosted by the ChaiServer. | ||||
| CVE-2006-4481 | 1 Php | 1 Php | 2026-04-16 | N/A |
| The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings. NOTE: the error_log function is covered by CVE-2006-3011, and the imap_open function is covered by CVE-2006-1017. | ||||
| CVE-2003-1184 | 1 Thwboard | 1 Thwboard | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ThWboard Beta 2.8 and 2.81 allow remote attackers to inject arbitrary web script or HTML via (1) time in board.php, (2) the profile Homepage-Feld, (3) pictures, and (4) other "Diverse XSS Bugs." | ||||
| CVE-2002-1824 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-04-16 | N/A |
| Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear whether this poses a vulnerability. | ||||
| CVE-2002-1982 | 1 Icecast | 1 Icecast | 2026-04-16 | N/A |
| Directory traversal vulnerability in the list_directory function in Icecast 1.3.12 allows remote attackers to determine if a directory exists via a .. (dot dot) in the GET request, which returns different error messages depending on whether the directory exists or not. | ||||
| CVE-2002-1985 | 1 Incognito Software Inc | 1 Ismtp Gateway | 2026-04-16 | N/A |
| iSMTP 5.0.1 allows remote attackers to cause a denial of service via a long "MAIL FROM" command, possibly triggering a buffer overflow. | ||||
| CVE-2002-1997 | 1 Zonelabs | 1 Zonealarm | 2026-04-16 | N/A |
| ZoneAlarm Pro 3.0 MailSafe allows remote attackers to bypass filtering and possibly execute arbitrary code via email attachments containing a trailing dot after the file extension. | ||||
| CVE-2006-4536 | 1 Cms Frogss | 1 Cms Frogss | 2026-04-16 | N/A |
| SQL injection vulnerability in module/rejestracja.php in CMS Frogss 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the podpis parameter. | ||||
| CVE-2002-2009 | 1 Apache | 1 Tomcat | 2026-04-16 | N/A |
| Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message. | ||||
| CVE-2002-2029 | 1 Apache | 1 Http Server | 2026-04-16 | N/A |
| PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string. | ||||
| CVE-2003-1198 | 1 Cherokee | 1 Cherokee Httpd | 2026-04-16 | N/A |
| connection.c in Cherokee web server before 0.4.6 allows remote attackers to cause a denial of service via an HTTP POST request without a Content-Length header field. | ||||
| CVE-2002-2046 | 1 Xqus | 1 X-news | 2026-04-16 | N/A |
| x_news.php in X-News (x_news) 1.1 and earlier allows remote attackers to gain administrative privileges by stealing and replaying the md5_password cookie. | ||||
| CVE-2002-2052 | 1 Cisco | 1 Ios | 2026-04-16 | N/A |
| Cisco 2611 router running IOS 12.1(6.5), possibly an interim release, allows remote attackers to cause a denial of service via port scans such as (1) scanning all ports on a single host and (2) scanning a network of hosts for a single open port through the router. NOTE: the vendor could not reproduce this issue, saying that the original reporter was using an interim release of the software. | ||||
| CVE-2002-2057 | 1 Teekai | 1 Teekai Forum | 2026-04-16 | N/A |
| TeeKai Forum 1.2 uses weak encryption of web usage statistics in data/member_log.txt, which is stored under the web document root with insufficient access control, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'. | ||||
| CVE-2006-4543 | 1 Hlstats | 1 Hlstats | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in HLStats 1.34 allows remote attackers to inject arbitrary web script or HTML via the (1) game parameter in players mode, the (2) weapon parameter in weaponinfo mode, the (3) st parameter in search mode, the (4) action parameter in actioninfo mode, and the (5) map parameter in mapinfo mode. | ||||
| CVE-2003-1202 | 1 Omail | 1 Omail Webmail | 2026-04-16 | N/A |
| The checklogin function in omail.pl for omail webmail 0.98.4 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) password, (2) domainname, or (3) username. | ||||
| CVE-2002-2062 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in ftp.htt in Internet Explorer 5.5 and 6.0, when running on Windows 2000 with "Enable folder view for FTP sites" and "Enable Web content in folders" selected, allows remote attackers to inject arbitrary web script or HTML via the hostname portion of an FTP URL. | ||||
| CVE-2002-2076 | 1 Summit Computer Networks | 1 Lil Http | 2026-04-16 | N/A |
| Directory traversal vulnerability in Lil' HTTP server 2.1 and 2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request. | ||||