Export limit exceeded: 29910 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29910 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-1145 | 1 Microsoft | 2 Data Engine, Sql Server | 2026-04-16 | N/A |
| The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions. | ||||
| CVE-2003-1036 | 1 Sap | 1 Internet Transaction Server | 2026-04-16 | N/A |
| Multiple buffer overflows in the AGate component for SAP Internet Transaction Server (ITS) allow remote attackers to execute arbitrary code via long (1) ~command, (2) ~runtimemode, or (3) ~session parameters, or (4) a long HTTP Content-Type header. | ||||
| CVE-2002-1147 | 1 Hp | 1 Procurve Switch 4000m | 2026-04-16 | N/A |
| The HTTP administration interface for HP Procurve 4000M Switch firmware before C.09.16, with stacking features and remote administration enabled, does not authenticate requests to reset the device, which allows remote attackers to cause a denial of service via a direct request to the device_reset CGI program. | ||||
| CVE-2002-1148 | 2 Apache, Redhat | 3 Tomcat, Rhel Stronghold, Stronghold | 2026-04-16 | N/A |
| The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet. | ||||
| CVE-2003-1039 | 1 Sap | 1 Mysap Business Suite | 2026-04-16 | N/A |
| Multiple buffer overflows in the mySAP.com architecture for SAP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) Message Server, (2) Web Dispatcher, or (3) Application Server. | ||||
| CVE-2002-1149 | 1 Invision Power Services | 1 Invision Board | 2026-04-16 | N/A |
| The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings. | ||||
| CVE-2006-4240 | 1 Fusionphp | 1 Fusion News | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in index.php in Fusion News 3.7 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter. | ||||
| CVE-2002-1156 | 1 Apache | 1 Http Server | 2026-04-16 | N/A |
| Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled. | ||||
| CVE-2002-1157 | 2 Mod Ssl, Redhat | 5 Mod Ssl, Enterprise Linux, Linux and 2 more | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840. | ||||
| CVE-2002-1165 | 3 Netbsd, Redhat, Sendmail | 4 Netbsd, Enterprise Linux, Linux and 1 more | 2026-04-16 | N/A |
| Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after (1) "||" sequences or (2) "/" characters, which are not properly filtered or verified. | ||||
| CVE-2006-4241 | 1 Mamboxchange | 1 Reporter | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in processor/reporter.sql.php in the Reporter Mambo component (com_reporter) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2002-1168 | 1 Ibm | 1 Websphere Caching Proxy Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains an Location: header with a "%0a%0d" (CRLF) sequence, which echoes the Location as an HTTP header in the server response. | ||||
| CVE-2002-1169 | 1 Ibm | 1 Websphere Caching Proxy Server | 2026-04-16 | N/A |
| IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version number, which causes ibmproxy.exe to crash. | ||||
| CVE-2002-1176 | 1 Nullsoft | 1 Winamp | 2026-04-16 | N/A |
| Buffer overflow in Winamp 2.81 allows remote attackers to execute arbitrary code via a long Artist ID3v2 tag in an MP3 file. | ||||
| CVE-2006-4258 | 1 John Hanna | 1 Anti-spam Smtp Proxy Server | 2026-04-16 | N/A |
| Absolute path traversal vulnerability in the get functionality in Anti-Spam SMTP Proxy (ASSP) allows remote authenticated users to read arbitrary files via (1) C:\ (Windows drive letter), (2) UNC, and possibly other types of paths in the file parameter. | ||||
| CVE-2006-4260 | 1 Jake Olefsky | 1 Fotopholder | 2026-04-16 | N/A |
| Directory traversal vulnerability in index.php in Fotopholder 1.8 allows remote attackers to read arbitrary directories or files via a .. (dot dot) in the path parameter. | ||||
| CVE-2002-1179 | 1 Microsoft | 1 Outlook Express | 2026-04-16 | N/A |
| Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook Express 5.5 and 6.0 allows remote attackers to execute arbitrary code via a digitally signed email with a long "From" address, which triggers the overflow when the user views or previews the message. | ||||
| CVE-2002-1181 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors. | ||||
| CVE-2002-1184 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2026-04-16 | N/A |
| The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs. | ||||
| CVE-2002-1192 | 2 Netbsd, Rogue | 2 Netbsd, Rogue | 2026-04-16 | N/A |
| Multiple buffer overflows in rogue on NetBSD 1.6 and earlier, FreeBSD 4.6, and possibly other operating systems, allows local users to gain "games" group privileges via malformed entries in a game save file. | ||||