Export limit exceeded: 360766 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (360766 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-0185 | 2 Apache, Redhat | 2 Mod Python, Linux | 2026-04-16 | N/A |
| mod_python version 2.7.6 and earlier allows a module indirectly imported by a published module to then be accessed via the publisher, which allows remote attackers to call possibly dangerous functions from the imported module. | ||||
| CVE-2002-0187 | 1 Microsoft | 1 Sql Server | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag." | ||||
| CVE-2002-0189 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in Internet Explorer 6.0 allows remote attackers to execute scripts in the Local Computer zone via a URL that exploits a local HTML resource file, aka the "Cross-Site Scripting in Local HTML Resource" vulnerability. | ||||
| CVE-2002-0193 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability. | ||||
| CVE-2002-0199 | 1 Nullsoft | 1 Shoutcast Server | 2026-04-16 | N/A |
| Buffer overflow in admin.cgi for Nullsoft Shoutcast Server 1.8.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an argument with a large number of backslashes. | ||||
| CVE-2002-0201 | 1 Cyberstop | 1 Cyberstop Web Server | 2026-04-16 | N/A |
| Cyberstop Web Server for Windows 0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request, possibly triggering a buffer overflow. | ||||
| CVE-2002-0203 | 1 Tarantella | 1 Tarantella Enterprise | 2026-04-16 | N/A |
| ttawebtop.cgi in Tarantella Enterprise 3.20 on SPARC Solaris and Linux, and 3.1x and 3.0x including 3.11.903, allows remote attackers to view directory contents via an empty pg parameter. | ||||
| CVE-2002-0204 | 1 Gnu | 1 Chess | 2026-04-16 | N/A |
| Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified or used in a networked capacity contrary to its own design as a single-user application, may allow local or remote attackers to execute arbitrary code via a long command. | ||||
| CVE-2002-0205 | 1 Plumtree | 1 Plumtree Corporate Portal | 2026-04-16 | N/A |
| Cross-site scripting (CSS) vulnerability in error.asp for Plumtree Corporate Portal 3.5 through 4.5 allows remote attackers to execute arbitrary script on other clients via the "Description" parameter. | ||||
| CVE-2002-0207 | 1 Realnetworks | 2 Realone Player, Realplayer Intranet | 2026-04-16 | N/A |
| Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows remote attackers to execute arbitrary code via a header length value that exceeds the actual length of the header. | ||||
| CVE-2006-0589 | 1 Jaia Interactive | 1 Mytopix | 2026-04-16 | N/A |
| MyTopix 1.2.3 allows remote attackers to obtain the installation path via a direct request to logon.mod.php, which leaks the path in an error message. | ||||
| CVE-2002-0215 | 1 Steve Kneizys | 1 Agora.cgi | 2026-04-16 | N/A |
| Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers to determine the full pathname of the agora.cgi file by requesting a non-existent .html file, which leaks the pathname in an error message. | ||||
| CVE-2002-0216 | 1 Xoops | 1 Xoops | 2026-04-16 | N/A |
| userinfo.php in XOOPS 1.0 RC1 allows remote attackers to obtain sensitive information via a SQL injection attack in the "uid" parameter. | ||||
| CVE-2002-0218 | 1 Sas | 2 Sas Base, Sas Integration Technologies | 2026-04-16 | N/A |
| Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via format specifiers in a command line argument. | ||||
| CVE-2006-0597 | 1 Stefan Ritt | 1 Elog Web Logbook | 2026-04-16 | N/A |
| Multiple stack-based buffer overflows in elogd.c in elog before 2.5.7 r1558-4 allow attackers to cause a denial of service (application crash) and possibly execute code via long "revision attributes". | ||||
| CVE-2002-0220 | 1 Phpsmssend | 1 Phpsmssend | 2026-04-16 | N/A |
| phpsmssend.php in PhpSmsSend 1.0 allows remote attackers to execute arbitrary commands via an SMS message containing shell metacharacters. | ||||
| CVE-2002-0223 | 2 Infopop, Wired Community Software | 2 Ultimate Bulletin Board, Wwwthreads | 2026-04-16 | N/A |
| Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 through 5.0.9 allows remote attackers to upload arbitrary files by using a filename that contains an accepted extension, but ends in a different extension. | ||||
| CVE-2002-0228 | 1 Microsoft | 1 Msn Messenger | 2026-04-16 | N/A |
| Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or DNS-spoofed sites). | ||||
| CVE-2002-0892 | 1 New Atlanta Communications | 1 Servletexec Isapi | 2026-04-16 | N/A |
| The default configuration of NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to determine the path of the web root via a direct request to com.newatlanta.servletexec.JSP10Servlet without a filename, which leaks the pathname in an error message. | ||||
| CVE-2002-0229 | 1 Php | 1 Php | 2026-04-16 | N/A |
| Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using "LOAD DATA INFILE LOCAL" SQL statements. | ||||