Export limit exceeded: 359762 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359762 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-0601 | 1 Information Security Systems | 1 Realsecure Network Sensor | 2026-04-16 | N/A |
| ISS RealSecure Network Sensor 5.x through 6.5 allows remote attackers to cause a denial of service (crash) via malformed DHCP packets that cause RealSecure to dereference a null pointer. | ||||
| CVE-2006-2920 | 2 Sylpheed, Sylpheed-claws | 2 Sylpheed, Sylpheed-claws | 2026-04-16 | N/A |
| Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote attackers to bypass the URI check functionality and makes it easier to conduct phishing attacks via a URI that begins with a space character. | ||||
| CVE-2004-2177 | 1 Devoybb | 1 Devoybb Web Forum | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||
| CVE-2006-2919 | 1 Microsoft | 1 Netmeeting | 2026-04-16 | N/A |
| Unspecified vulnerability in Microsoft NetMeeting 3.01 allows remote attackers to cause a denial of service (crash or CPU consumption) and possibly execute arbitrary code via crafted inputs that trigger memory corruption. | ||||
| CVE-2002-0576 | 1 Allaire | 1 Coldfusion Server | 2026-04-16 | N/A |
| ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message. | ||||
| CVE-2004-2157 | 1 S9y | 1 Serendipity | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity 0.7 beta1, and possibly other versions before 0.7-beta3, allows remote attackers to inject arbitrary HTML and PHP code via the (1) email or (2) username field. | ||||
| CVE-2002-0562 | 1 Oracle | 3 Application Server, Application Server Web Cache, Oracle9i | 2026-04-16 | N/A |
| The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa. | ||||
| CVE-2005-2017 | 1 Symantec | 1 Norton Antivirus | 2026-04-16 | N/A |
| Symantec AntiVirus 9 Corporate Edition allows local users to gain privileges via the "Scan for viruses" option, which launches a help window with raised privileges, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2002-1540. | ||||
| CVE-2004-2127 | 1 Leif M. Wright | 1 Web Blog | 2026-04-16 | N/A |
| Directory traversal vulnerability in Web Blog 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file variable. | ||||
| CVE-2002-0604 | 1 Snapgear | 1 Snapgear Lite\+ Firewall | 2026-04-16 | N/A |
| Snapgear Lite+ firewall 1.5.3 and 1.5.4 allows remote attackers to cause a denial of service (crash) via a large number of packets with malformed IP options. | ||||
| CVE-2006-2904 | 1 Particle Soft | 1 Particle Links | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in Partial Links 1.2.2 allows remote attackers to execute arbitrary SQL commands via the topic parameter. | ||||
| CVE-2002-0514 | 1 Openbsd | 1 Openbsd | 2026-04-16 | N/A |
| PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the RST packet, which allows remote attackers to determine if a port is being filtered because the TTL is different than the default TTL. | ||||
| CVE-2006-2897 | 1 Funkboard | 1 Funkboard | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in FunkBoard 0.71 allows remote attackers to inject arbitrary HTML or web script via unspecified vectors. | ||||
| CVE-2005-2005 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2026-04-16 | N/A |
| Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier stores the users.dat file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information on registered users via a direct request to db/users.dat. | ||||
| CVE-2002-0517 | 1 Caldera | 2 Openunix, Unixware | 2026-04-16 | N/A |
| Buffer overflow in X11 library (libX11) on Caldera Open UNIX 8.0.0, UnixWare 7.1.1, and possibly other operating systems, allows local users to gain root privileges via a long -xrm argument to programs such as (1) dtterm or (2) xterm. | ||||
| CVE-2006-2896 | 1 Funkboard | 1 Funkboard | 2026-04-16 | N/A |
| profile.php in FunkBoard CF0.71 allows remote attackers to change arbitrary passwords via a modified uid hidden form field in an Edit Profile action. | ||||
| CVE-2004-2099 | 1 Electronic Arts | 1 Need For Speed Hot Pursuit 2 | 2026-04-16 | N/A |
| Buffer overflow in Need for Speed Hot Pursuit 2.0 client (NFSHP2), version 242 and earlier, allows remote attackers (servers) to execute arbitrary code via long (1) gamename, (2) gamever, (3) hostname, (4) gametype, (5) mapname or (6) gamemode commands. | ||||
| CVE-2006-2894 | 2 Mozilla, Netscape | 4 Firefox, Mozilla Suite, Seamonkey and 1 more | 2026-04-16 | N/A |
| Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form. | ||||
| CVE-2006-2891 | 1 Pixelpost | 1 Pixelpost | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/index.php for Pixelpost 1-5rc1-2 and earlier allows remote attackers to inject arbitrary HTML or web script via the loginmessage parameter. | ||||
| CVE-2006-2890 | 1 Pixelpost | 1 Pixelpost | 2026-04-16 | N/A |
| Pixelpost 1-5rc1-2 and earlier, when register_globals is enabled, allows remote attackers to gain administrator privileges and conduct other attacks by setting the _SESSION["pixelpost_admin"] parameter to 1 in calls to admin scripts such as admin/view_info.php. | ||||