Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2003-1131 1 Activecampaign 1 Knowledgebuilder 2026-04-16 N/A
PHP remote file inclusion vulnerability in index.php in KnowledgeBuilder, referred to as KnowledgeBase, allows remote attackers to execute arbitrary PHP code by modifying the page parameter to reference a URL on a remote web server that contains the code.
CVE-2002-1644 1 Ssh 1 Ssh2 2026-04-16 N/A
SSH Secure Shell for Servers and SSH Secure Shell for Workstations 2.0.13 through 3.2.1, when running without a PTY, does not call setsid to remove the child process from the process group of the parent process, which allows attackers to gain certain privileges.
CVE-2002-1646 1 Ssh 1 Secure Shell For Servers 2026-04-16 N/A
SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote attackers to override the AllowedAuthentications configuration and use less secure authentication schemes (e.g. password) than configured for the server.
CVE-2003-1133 1 Ritlabs 1 The Bat 2026-04-16 N/A
Rit Research Labs The Bat! 1.0.11 through 2.0 creates new accounts with insecure ACLs, which allows local users to read other users' email messages.
CVE-2006-4426 1 Albert 1 Albert-easysite 2026-04-16 N/A
PHP remote file inclusion vulnerability in AES/modules/auth/phpsecurityadmin/include/logout.php in AlberT-EasySite (AES) 1.0a5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PSA_PATH parameter.
CVE-2002-1659 1 Iatek 1 Portalapp 2026-04-16 N/A
user_profile.asp in PortalApp 2.2 allows local users to gain privileges by modifying the user_id variable.
CVE-2002-1665 1 Yahoo 1 Messenger 2026-04-16 N/A
Buffer overflow in Yahoo! Messenger before February 2002 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long set_buddygrp field.
CVE-2006-4427 1 Efiction 1 Efiction 2026-04-16 N/A
index.php in eFiction before 2.0.7 allows remote attackers to bypass authentication and gain privileges by setting the (1) adminloggedin, (2) loggedin, and (3) level parameters to "1".
CVE-2003-1136 1 Chi Kien Uong 1 Chi Kien Uong Guestbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook 1.51 allows remote attackers to inject arbitrary web script or HTML via (1) HTML in a posted message or (2) Javascript in an onmouseover attribute in an e-mail address or URL.
CVE-2006-4429 1 Phlymail 1 Phlymail Lite 2026-04-16 N/A
PHP remote file inclusion vulnerability in handlers/email/mod.output.php in PHlyMail Lite 3.4.4 and earlier (Build 3.04.04) allows remote attackers to execute arbitrary PHP code via a URL in the _PM_[path][handler] parameter, a different vector than CVE-2006-4291. NOTE: This issue has been disputed by a third party, who states that the _IN_PHM_ declaration prevents this file from being called directly
CVE-2003-1137 1 Charles Steinkuehler 1 Sh-httpd 2026-04-16 N/A
Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to read files or execute arbitrary CGI scripts via a GET request that contains an asterisk (*) wildcard character.
CVE-2002-1698 1 Microsoft 1 Msn Messenger 2026-04-16 N/A
Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via a long FN (font) argument in the message header.
CVE-2006-4437 1 Venture Nine 1 Tagger Le 2026-04-16 N/A
Eval injection vulnerability in Tagger LE allows remote attackers to execute arbitrary PHP code via the query string in (1) tags.php, (2) sign.php, and (3) admin/index.php.
CVE-2003-1144 1 Perception 1 Liteserve 2026-04-16 N/A
Buffer overflow in the log viewing interface in Perception LiteServe 1.25 through 2.2 allows remote attackers to execute arbitrary code via a GET request with a long file name.
CVE-2002-1728 1 Asksam Systems 1 Asksam Web Publisher 2026-04-16 N/A
askSam Web Publisher 1.0 and 4.0 allows remote attackers to determine the full path to the web root directory via a request for a file that does not exist, which generates an error message that reveals the full path.
CVE-2003-1152 1 Infrontech 1 Webtide 2026-04-16 N/A
WebTide 7.04 allows remote attackers to list arbitrary directories via an HTTP request for %3f.jsp (encoded "?").
CVE-2003-1153 1 Bytehoard 1 Bytehoard 2026-04-16 N/A
byteHoard 0.7 and 0.71 allows remote attackers to list arbitrary files and directories via a direct request to files.inc.php.
CVE-2002-1732 1 Actinic 1 Actinic Catalog 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Actinic Catalog 4.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string argument to certain .pl files, (2) the REFPAGE parameter to ca000007.pl, (3) PRODREF parameter to ss000007.pl, or (4) hop parameter to ca000001.pl.
CVE-2003-1154 1 Clearswift 1 Mailsweeper 2026-04-16 N/A
MAILsweeper for SMTP 4.3 allows remote attackers to bypass virus protection via a mail message with a malformed zip attachment, as exploited by certain MIMAIL virus variants.
CVE-2002-1733 1 Prospero Technologies 1 Prospero Message Board 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the web-based message board in Prospero Technologies allows remote attackers to inject arbitrary web script or HTML via a message board post.