Export limit exceeded: 346570 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346570 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346570 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346570 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2003-0736 | 1 Phpwebsite | 1 Phpwebsite | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite 0.9.x and earlier allow remote attackers to execute arbitrary web script via (1) the day parameter in the calendar module, (2) the fatcat_id parameter in the fatcat module, (3) the PAGE_id parameter in the pagemaster module, (4) the PDA_limit parameter in the search, and (5) possibly other parameters in the calendar, fatcat, and pagemaster modules. | ||||
| CVE-2002-0134 | 1 Avirt | 1 Avirt Gateway Suite | 2026-04-16 | N/A |
| Telnet proxy in Avirt Gateway Suite 4.2 does not require authentication for connecting to the proxy system itself, which allows remote attackers to list file contents of the proxy and execute arbitrary commands via a "dos" command. | ||||
| CVE-2002-0140 | 1 Dnrd | 1 Dnrd | 2026-04-16 | N/A |
| Domain Name Relay Daemon (dnrd) 2.10 and earlier allows remote malicious DNS sites to cause a denial of service and possibly execute arbitrary code via a long or malformed DNS reply, which is not handled properly by parse_query, get_objectname, and possibly other functions. | ||||
| CVE-2006-0710 | 1 Isode | 1 M-vault Server | 2026-04-16 | N/A |
| Double free vulnerability in isode.eddy in Isode M-Vault Server 11.3 allows remote attackers to execute arbitrary code via a crafted LDAP request, as demonstrated by ProtoVer Sample LDAP. | ||||
| CVE-2002-0141 | 1 Maelstrom | 1 Maelstrom Gpl | 2026-04-16 | N/A |
| Maelstrom GPL 3.0.1 allows local users to overwrite arbitrary files of other Maelstrom users via a symlink attack on the /tmp/f file. | ||||
| CVE-2002-0144 | 1 Scott Parish | 1 Chuid | 2026-04-16 | N/A |
| Directory traversal vulnerability in chuid 1.2 and earlier allows remote attackers to change the ownership of files outside of the upload directory via a .. (dot dot) attack. | ||||
| CVE-2006-0717 | 1 Ibm | 1 Tivoli Directory Server | 2026-04-16 | N/A |
| IBM Tivoli Directory Server 6.0 allows remote attackers to cause a denial of service (crash) via a crafted LDAP request, as demonstrated by test 2532 in the ProtoVer Sample LDAP test suite. | ||||
| CVE-2003-0737 | 1 Phpwebsite | 1 Phpwebsite | 2026-04-16 | N/A |
| The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to obtain the full pathname of phpWebSite via an invalid year, which generates an error from localtime() in TimeZone.php of the Pear library. | ||||
| CVE-2002-0145 | 1 Scott Parish | 1 Chuid | 2026-04-16 | N/A |
| chuid 1.2 and earlier does not properly verify the ownership of files that will be changed, which allows remote attackers to change files owned by other users, such as root. | ||||
| CVE-2002-0150 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | N/A |
| Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values. | ||||
| CVE-2006-0718 | 1 Avaya | 5 Csu 5000, Vsu 100, Vsu 10000 and 2 more | 2026-04-16 | N/A |
| The Internet Key Exchange version 1 (IKEv1) implementation in Avaya VSU 100, 2000, 7500, 10000, and CSU 5000, when running IPSec, allows remote attackers to cause a denial of service (crash) via certain IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. | ||||
| CVE-2003-0742 | 1 Sco | 1 Openserver | 2026-04-16 | N/A |
| SCO Internet Manager (mana) allows local users to execute arbitrary programs by setting the REMOTE_ADDR environment variable to cause menu.mana to run as if it were called from ncsa_httpd, then modifying the PATH environment variable to point to a malicious "hostname" program. | ||||
| CVE-2002-0153 | 1 Microsoft | 1 Ie | 2026-04-16 | N/A |
| Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke local AppleScripts within a specific HTML element, aka the "Local Applescript Invocation" vulnerability. | ||||
| CVE-2006-0723 | 1 Reamday Enterprises | 1 Magic News Lite | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in preview.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the php_script_path parameter. | ||||
| CVE-2003-0743 | 1 University Of Cambridge | 1 Exim | 2026-04-16 | N/A |
| Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer. | ||||
| CVE-2002-0155 | 1 Microsoft | 3 Msn Chat Control, Msn Messenger, Msn Messenger Service For Exchange | 2026-04-16 | N/A |
| Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN Messenger 4.5 and 4.6, and Exchange Instant Messenger 4.5 and 4.6, allows remote attackers to execute arbitrary code via a long ResDLL parameter in the MSNChat OCX. | ||||
| CVE-2006-0724 | 1 Reamday Enterprises | 1 Magic News Lite | 2026-04-16 | N/A |
| profile.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified (1) action, (2) passwd, (3) admin_password, (4) new_passwd, and (5) confirm_passwd variables, which are not initialized. | ||||
| CVE-2002-0159 | 1 Cisco | 1 Secure Access Control Server | 2026-04-16 | N/A |
| Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002. | ||||
| CVE-2006-0727 | 1 Musox | 1 Df Msanalysis | 2026-04-16 | N/A |
| SQL injection vulnerability in mstrack.php in MusOX DF MSAnalysis (DFMSA), as used in some environments that use CPG-Nuke Dragonfly CMS, allows remote attackers to trigger path disclosure from a SQL syntax error, and possibly execute arbitrary SQL commands, via certain query data, probably involving the profile name. | ||||
| CVE-2002-0162 | 2 Logwatch, Redhat | 3 Logwatch, Linux, Powertools | 2026-04-16 | N/A |
| LogWatch before 2.5 allows local users to execute arbitrary code via a symlink attack on the logwatch temporary directory. | ||||