Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2637 1 Phpfreenews 1 Phpfreenews 2026-04-16 N/A
Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Match or (2) CatID parameter to SearchResults.php, or (3) the password to AccessControl.php.
CVE-2002-1195 1 Gabriele Bartolini 1 Ht Check 2026-04-16 N/A
Cross-site scripting vulnerability (XSS) in the PHP interface for ht://Check 1.1 allows remote web servers to insert arbitrary HTML, including script, via a web page.
CVE-2005-2638 1 Phpfreenews 1 Phpfreenews 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) NewsMode parameter to NewsCategoryForm.php, or the (2) Match or (3) NewsMode parameter to SearchResults.php.
CVE-2002-1197 1 Mozilla 1 Bugzilla 2026-04-16 N/A
bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, allows remote attackers to execute arbitrary code via shell metacharacters in a system call to processmail.
CVE-2005-2639 1 Valusoft 1 Chris Moneymakers World Poker Championship 2026-04-16 N/A
Buffer overflow in Chris Moneymaker's World Poker Championship 1.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long nickname.
CVE-2002-1210 1 Qualcomm 1 Eudora 2026-04-16 N/A
Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email attachments in a predictable location, which allows remote attackers to read arbitrary files via a link that loads an attachment with malicious script into a frame, which then executes the script in the local browser context.
CVE-2001-0277 1 Working Resources Inc. 1 Badblue 2026-04-16 N/A
Buffer overflow in ext.dll in BadBlue 1.02.07 Personal Edition allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP GET request.
CVE-2002-1217 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions.
CVE-2002-1219 3 Freebsd, Isc, Openbsd 3 Freebsd, Bind, Openbsd 2026-04-16 N/A
Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR).
CVE-2006-1530 2 Debian, Mozilla 4 Debian Linux, Firefox, Seamonkey and 1 more 2026-04-16 N/A
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different.
CVE-2002-1266 1 Apple 1 Mac Os X 2026-04-16 N/A
Mac OS X 10.2.2 allows local users to gain privileges by mounting a disk image file that was created on another system, aka "Local User Privilege Elevation via Disk Image File."
CVE-2002-1267 1 Apple 1 Mac Os X 2026-04-16 N/A
Mac OS X 10.2.2 allows remote attackers to cause a denial of service by accessing the CUPS Printing Web Administration utility, aka "CUPS Printing Web Administration is Remotely Accessible."
CVE-2002-1268 1 Apple 1 Mac Os X 2026-04-16 N/A
Mac OS X 10.2.2 allows local users to gain privileges via a mounted ISO 9600 CD, aka "User Privilege Elevation via Mounting an ISO 9600 CD."
CVE-2002-1269 1 Apple 1 Mac Os X 2026-04-16 N/A
Unknown vulnerability in NetInfo Manager application in Mac OS X 10.2.2 allows local users to access restricted parts of a filesystem.
CVE-2002-1272 1 Alcatel 1 Aos 2026-04-16 N/A
Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges.
CVE-2005-2895 1 Pblang 1 Pblang 2026-04-16 N/A
setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to obtain sensitive information via a %00 (a null byte) in the u parameter, which reveals the path in an error message.
CVE-2002-1276 2 Redhat, Squirrelmail 2 Linux, Squirrelmail 2026-04-16 N/A
An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks.
CVE-2006-1885 1 Oracle 1 Enterprise Manager 2026-04-16 N/A
Multiple unspecified vulnerabilities in the Reporting Framework component in Oracle Enterprise Manager 9.0.1.5 and 9.2.0.7 have unknown impact and attack vectors, aka Vuln# (1) EM01 and (2) EM02.
CVE-2002-1277 2 Redhat, Windowmaker 3 Enterprise Linux, Linux, Windowmaker 2026-04-16 N/A
Buffer overflow in Window Maker (wmaker) 0.80.0 and earlier may allow remote attackers to execute arbitrary code via a certain image file that is not properly handled when Window Maker uses width and height information to allocate a buffer.
CVE-2002-1278 1 Jacques Gelinas 1 Linuxconf 2026-04-16 N/A
The mailconf module in Linuxconf 1.24, and other versions before 1.28, on Conectiva Linux 6.0 through 8, and possibly other distributions, generates the Sendmail configuration file (sendmail.cf) in a way that configures Sendmail to run as an open mail relay, which allows remote attackers to send Spam email.