Export limit exceeded: 363758 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363758 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-0686 1 Iplanet 1 Iplanet Web Server 2026-04-16 N/A
Buffer overflow in the search component for iPlanet Web Server (iWS) 4.1 and Sun ONE Web Server 6.0 allows remote attackers to execute arbitrary code via a long argument to the NS-rel-doc-name parameter.
CVE-2002-1543 1 Netbsd 1 Netbsd 2026-04-16 N/A
Buffer overflow in trek on NetBSD 1.5 through 1.5.3 allows local users to gain privileges via long keyboard input.
CVE-2005-0742 1 Sun 1 Java System Application Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Sun Java System Application Server 7 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2002-0039 1 Sgi 1 Irix 2026-04-16 N/A
rpcbind in SGI IRIX 6.5 through 6.5.15f, and possibly earlier versions, allows remote attackers to cause a denial of service (crash) via malformed RPC packets with invalid lengths.
CVE-2002-2040 1 Qnx 1 Rtos 2026-04-16 N/A
The (1) phrafx and (2) phgrafx-startup programs in QNX realtime operating system (RTOS) 4.25 and 6.1.0 do not properly drop privileges before executing the system command, which allows local users to execute arbitrary commands by modifying the PATH environment variable to reference a malicious crttrap program.
CVE-2002-1912 1 Skystream 1 Emr5000 2026-04-16 7.5 High
SkyStream EMR5000 1.16 through 1.18 does not drop packets or disable the Ethernet interface when the buffers are full, which allows remote attackers to cause a denial of service (null pointer exception and kernel panic) via a large number of packets.
CVE-2005-3794 1 Alstrasoft 1 Affiliate Network Pro 2026-04-16 N/A
AlstraSoft Affiliate Network Pro 7.2 allows remote attackers to obtain sensitive information via a direct request to scripts such as (1) togateway.php and (2) other unspecified scripts.
CVE-2005-0738 1 Microsoft 1 Exchange Server 2026-04-16 N/A
Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursive calls.
CVE-2002-1877 1 Netgear 1 Fm114p 2026-04-16 N/A
NETGEAR FM114P allows remote attackers to bypass access restrictions for web sites via a URL that uses the IP address instead of the hostname.
CVE-2005-3792 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
Multiple SQL injection vulnerabilities in the Search module in PHP-Nuke 7.8, and possibly other versions before 7.9 with patch 3.1, allows remote attackers to execute arbitrary SQL commands, as demonstrated via the query parameter in a stories type.
CVE-2005-4424 1 Phpkit 1 Phpkit 2026-04-16 N/A
Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might allow remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the path parameter and a %00 at the end of the filename, as demonstrated by an avatar filename ending with .png%00.
CVE-2002-2030 1 Sqldata 1 Sqldata Enterprise Server 2026-04-16 N/A
Stack-based buffer overflow in SQLData Enterprise Server 3.0 allows remote attacker to execute arbitrary code and cause a denial of service via a long HTTP request.
CVE-2002-0026 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made.
CVE-2002-0025 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 5.01, 5.5 and 6.0 does not properly handle the Content-Type HTML header field, which allows remote attackers to modify which application is used to process a document.
CVE-2002-2024 1 Horde 1 Imp 2026-04-16 5.3 Medium
Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for (1) poppassd.php3, (2) login.php3?reason=chpass2, (3) spelling.php3, and (4) ldap.search.php3?ldap_serv=nonsense which leaks the information in error messages.
CVE-2002-1825 1 Wasd 1 Wasd Http Server 2026-04-16 N/A
Format string vulnerability in PerlRTE_example1.pl in WASD 7.1, 7.2.0 through 7.2.3, and 8.0.0 allows remote attackers to execute arbitrary commands or crash the server via format strings in the $name variable.
CVE-2002-0018 1 Microsoft 2 Windows 2000, Windows Nt 2026-04-16 N/A
In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain.
CVE-2002-0017 1 Sgi 1 Irix 2026-04-16 N/A
Buffer overflow in SNMP daemon (snmpd) on SGI IRIX 6.5 through 6.5.15m allows remote attackers to execute arbitrary code via an SNMP request.
CVE-2002-1479 1 The Cacti Group 1 Cacti 2026-04-16 N/A
Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges.
CVE-2002-1481 1 Phpgb 1 Phpgb 2026-04-16 N/A
savesettings.php in phpGB 1.20 and earlier does not require authentication, which allows remote attackers to cause a denial of service or execute arbitrary PHP code by using savesettings.php to modify config.php.