Export limit exceeded: 360766 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (360766 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-3896 | 1 Mozilla | 1 Mozilla | 2026-04-16 | N/A |
| Mozilla allows remote attackers to cause a denial of service (CPU consumption) via a Javascript BODY onload event that calls the window function. | ||||
| CVE-2005-0108 | 1 Apache | 1 Mod Auth Radius | 2026-04-16 | N/A |
| Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument. | ||||
| CVE-2002-1387 | 1 Ehud Gavron | 1 Tracesroute | 2026-04-16 | N/A |
| The spray mode in traceroute-nanog (aka traceroute-ng) may allow local users to overwrite arbitrary memory locations via an array index overflow using the nprobes (number of probes) argument. | ||||
| CVE-2005-0138 | 1 Sgi | 1 Irix | 2026-04-16 | N/A |
| rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6.5.27 does not correctly allow access to anonymous clients that connect from a system whose hostname can not be determined. NOTE: while this issue occurs in a security mechanism, there is no apparent attacker role and probably does not satisfy the CVE definition of a vulnerability. | ||||
| CVE-2005-2884 | 1 Neocrome | 1 Land Down Under | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in events.php in Land Down Under (LDU) 801 and earlier allows remote attackers to inject arbitrary web script or HTML via the Description field in an event. | ||||
| CVE-2005-3569 | 1 Ibm | 1 Db2 Content Manager | 2026-04-16 | N/A |
| INSO service in IBM DB2 Content Manager before 8.2 Fix Pack 10 on AIX allows attackers to cause a denial of service (application crash) via unknown attack vectors involving LZH files. | ||||
| CVE-2002-0490 | 1 Instant Web Mail | 1 Instant Web Mail | 2026-04-16 | N/A |
| Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php. | ||||
| CVE-2005-3570 | 1 Horde | 1 Horde | 2026-04-16 | N/A |
| Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via "not properly escaped error messages". | ||||
| CVE-2005-2894 | 1 Pblang | 1 Pblang | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the user registration in PBLang 4.65, and possibly earlier versions, allows remote attackers to inject arbitrary web script or PHP via the location field. | ||||
| CVE-2002-1398 | 2 Postgresql, Redhat | 3 Postgresql, Enterprise Linux, Linux | 2026-04-16 | N/A |
| Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows attackers to cause a denial of service and possibly execute arbitrary code via a long date string, aka a vulnerability "in handling long datetime input." | ||||
| CVE-2002-0497 | 1 Mtr | 1 Mtr | 2026-04-16 | N/A |
| Buffer overflow in mtr 0.46 and earlier, when installed setuid root, allows local users to access a raw socket via a long MTR_OPTIONS environment variable. | ||||
| CVE-2002-1403 | 1 Phystech | 1 Dhcpcd | 2026-04-16 | N/A |
| dhcpcd DHCP client daemon 1.3.22 and earlier allows local users to execute arbitrary code via shell metacharacters that are fed from a dhcpd .info script into a .exe script. | ||||
| CVE-2005-0200 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2026-04-16 | N/A |
| TikiWiki before 1.8.5 does not properly validate files that have been uploaded to the temp directory, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2004-1386. | ||||
| CVE-2005-2917 | 2 Redhat, Squid | 2 Enterprise Linux, Squid | 2026-04-16 | N/A |
| Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart). | ||||
| CVE-2005-2918 | 1 Gtkdiskfree | 1 Gtkdiskfree | 2026-04-16 | N/A |
| The open_cmd_tube function in mount.c for gtkdiskfree 1.9.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the gtkdiskfree temporary file. | ||||
| CVE-2005-0208 | 2 Redhat, Rob Flynn | 2 Enterprise Linux, Gaim | 2026-04-16 | N/A |
| The HTML parsing functions in Gaim before 1.1.4 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0473. | ||||
| CVE-2002-1407 | 1 Adam Megacz | 1 Tinyssl | 2026-04-16 | N/A |
| TinySSL 1.02 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack. | ||||
| CVE-2005-0217 | 1 Invision Power Services | 1 Invision Community Blog | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in Invision Community Blog allows remote attackers to execute arbitrary SQL commands via the eid parameter. | ||||
| CVE-2002-1408 | 1 Hp | 2 Openview Emanate Snmp Agent, Vvos | 2026-04-16 | N/A |
| Unknown vulnerability or vulnerabilities in HP OpenView EMANATE 14.2 snmpModules allow the SNMP read-write community name to be exposed, related to (1) "'read-only' community access," and/or (2) an easily guessable community name. | ||||
| CVE-2002-0512 | 1 Caldera | 2 Openlinux Server, Openlinux Workstation | 2026-04-16 | N/A |
| startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the LD_LIBRARY_PATH environment variable to include the current working directory, which could allow local users to gain privileges of other users running startkde via Trojan horse libraries. | ||||