Export limit exceeded: 360417 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (360417 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-2163 | 1 Killervault | 1 Kvpoll | 2026-04-16 | N/A |
| KvPoll 1.1 allows remote authenticated users to vote more than once by setting the "already_voted" cookie by various methods, including a direct call to clear_cookies.php. | ||||
| CVE-2006-3338 | 1 Atlassian | 1 Jira | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Atlassian JIRA 3.6.2-#156 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a direct request to secure/ConfigureReleaseNote.jspa, which are not sanitized before being returned in an error page. | ||||
| CVE-2006-3336 | 1 Twiki | 1 Twiki | 2026-04-16 | N/A |
| TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as ".php.en", ".php.1", and other allowed extensions that are not .txt. NOTE: this is only a vulnerability when the server allows script execution in the pub directory. | ||||
| CVE-2005-0229 | 1 Citrusdb | 1 Citrusdb Customer Database | 2026-04-16 | N/A |
| CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file under the web root, which allows remote attackers to steal credit card information via a direct request to newfile.txt. | ||||
| CVE-2002-2115 | 1 Hns | 2 Hns, Hns-lite | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Hyper NIKKI System (HNS) Lite before 0.9 and HNS before 2.10-pl2 allows remote attackers to inject arbitrary web script or HTML. | ||||
| CVE-2002-2113 | 1 Agh | 1 Htmlsearch | 2026-04-16 | N/A |
| search.cgi in AGH HTMLsearch 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the template parameter. | ||||
| CVE-2002-2110 | 1 Rca | 1 Digital Cable Modem | 2026-04-16 | N/A |
| The RCA Digital Cable Modems DCM225 and DCM225E allow remote attackers to cause a denial of service (modem device reset) by connecting to port 80 on the 10.0.0.0/8 device. | ||||
| CVE-2005-0219 | 1 Gallery Project | 1 Gallery | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Gallery 1.3.4-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the index field in add_comment.php, (2) set_albumName, (3) slide_index, (4) slide_full, (5) slide_loop, (6) slide_pause, (7) slide_dir fields in slideshow_low.php, or (8) username field in search.php. | ||||
| CVE-2002-2104 | 1 Ganglia | 1 Php Rrd Web Client | 2026-04-16 | N/A |
| graph.php in Ganglia PHP RRD Web Client 1.0.2 allows remote attackers to execute arbitrary commands via the command parameter, which is provided to the passthru function. | ||||
| CVE-2002-2102 | 1 Jcraft | 1 Jzlib | 2026-04-16 | N/A |
| InfBlocks.java in JCraft JZlib before 0.0.7 allow remote attackers to cause a denial of service (NullPointerException) via an invalid block of deflated data. | ||||
| CVE-2002-2101 | 1 Microsoft | 1 Outlook | 2026-04-16 | N/A |
| Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag. | ||||
| CVE-2002-2098 | 1 Axspawn | 1 Axspawn | 2026-04-16 | N/A |
| Buffer overflow in axspawn.c in Axspawn-pam before 0.2.1a allows remote attackers to execute arbitrary code via large packets. | ||||
| CVE-2002-2094 | 1 Joetesta | 1 Hellbent | 2026-04-16 | N/A |
| Joe Testa hellbent 01 allows remote attackers to determine the full path of the web root directory via a GET request with a relative path that includes the root's parent, which generates a 403 error message if the parent is incorrect, but a normal response if the parent is correct. | ||||
| CVE-2002-2091 | 1 Decfingerd | 1 Decfingerd | 2026-04-16 | N/A |
| Format string vulnerability in Deception Finger Daemon, decfingerd, 0.7 may allow remote attackers to execute arbitrary code via the username of a finger request. | ||||
| CVE-2002-2088 | 1 Mosix Project | 1 Clump Os | 2026-04-16 | N/A |
| The MOSIX Project clump/os 5.4 creates a default VNC account without a password, which allows remote attackers to gain root access. | ||||
| CVE-2006-3329 | 1 Deltascripts | 1 Php Classifieds | 2026-04-16 | N/A |
| SQL injection vulnerability in search.php in PHP/MySQL Classifieds (PHP Classifieds) allows remote attackers to execute arbitrary SQL commands via the rate parameter. | ||||
| CVE-2002-2083 | 1 Novell | 1 Netware | 2026-04-16 | N/A |
| The Novell Netware client running on Windows 95 allows local users to bypass the login and open arbitrary files via the "What is this?" help feature, which can be launched from the Novell Netware login screen. | ||||
| CVE-2002-2074 | 1 Erwin Lansing | 1 Mailidx | 2026-04-16 | N/A |
| SQL injection vulnerability in Mailidx before 20020105 allows remote attackers to execute arbitrary SQL commands via the search web page. | ||||
| CVE-2002-2063 | 1 Atguard | 1 Atguard Personal Firewall | 2026-04-16 | N/A |
| AtGuard 3.2 allows remote attackers to bypass firwall filters and execute prohibited programs by changing the filenames to permitted filenames. | ||||
| CVE-2002-2047 | 1 Sketch | 1 Sketch | 2026-04-16 | N/A |
| The file preview functionality in Sketch 0.6.12 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an encapsulated Postscript (EPS) file. | ||||