Export limit exceeded: 356992 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 356992 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 356992 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29941 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29941 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-1710 | 1 Basilix | 1 Basilix Webmail | 2026-04-16 | N/A |
| The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 does not check whether the attachment was uploaded by the user or came from a HTTP POST, which could allow local users to steal sensitive information like a password file. | ||||
| CVE-2005-2008 | 1 Yaws | 1 Webserver | 2026-04-16 | N/A |
| Yaws Webserver 1.55 and earlier allows remote attackers to obtain the source code for yaws scripts via a request to a yaw script with a trailing %00 (null). | ||||
| CVE-2002-1722 | 1 Logitech | 3 Cordless Freedom Itouch Keyboard, Cordless Itouch Keyboard, Itouch Keyboard | 2026-04-16 | N/A |
| Logitech iTouch keyboards allows attackers with physical access to the system to bypass the screen locking function and execute user-defined commands that have been assigned to a button. | ||||
| CVE-2005-2025 | 1 Cisco | 8 Vpn 3000 Concentrator, Vpn 3000 Concentrator Series Software, Vpn 3005 Concentrator Software and 5 more | 2026-04-16 | N/A |
| Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to determine valid groupnames by sending an IKE Aggressive Mode packet with the groupname in the ID field, which generates a response if the groupname is valid, but does not generate a response for an invalid groupname. | ||||
| CVE-2002-1726 | 1 Brokenbytes | 1 Photodb | 2026-04-16 | N/A |
| secure_inc.php in PhotoDB 1.4 allows remote attackers to bypass authentication via a URL with a large Time parameter, non-empty rmtusername and rmtpassword parameter, and an accesslevel parameter that is lower than the access level of the requested page. | ||||
| CVE-2005-2028 | 1 Mercuryboard | 1 Mercuryboard Message Board | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php for MercuryBoard 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header. | ||||
| CVE-2005-2029 | 1 Amarok | 1 Web Frontend | 2026-04-16 | N/A |
| amaroK Web Frontend 1.3 stores the globals.inc file under the web root without a .php extension and insufficient access control, which allows remote attackers to obtain the database username and password via a direct request to the file. | ||||
| CVE-2002-1749 | 1 Microsoft | 1 Windows 2000 | 2026-04-16 | N/A |
| Windows 2000 Terminal Services, when using the disconnect feature of the client, does not properly lock itself if it is left idle until the screen saver activates and the user disconnects, which could allow attackers to gain administrator privileges. | ||||
| CVE-2006-0868 | 1 Pear | 1 Xml Rpc | 2026-04-16 | N/A |
| Multiple unspecified injection vulnerabilities in unspecified Auth Container back ends for PEAR::Auth before 1.2.4, and 1.3.x before 1.3.0r4, allow remote attackers to "falsify authentication credentials," related to the "underlying storage containers." | ||||
| CVE-2006-0870 | 1 Mini-nuke | 1 Mini-nuke Cms | 2026-04-16 | N/A |
| SQL injection vulnerability in pages.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: version 2.3 was later reported to be vulnerable as well. | ||||
| CVE-2005-2038 | 1 Fortibus | 1 Fortibus Cms | 2026-04-16 | N/A |
| Fortibus CMS 4.0.0 allows remote attackers to modify information of other users, including Admin, via the "My info" page. | ||||
| CVE-2002-1762 | 1 Microsoft | 1 Baseline Security Analyzer | 2026-04-16 | N/A |
| Microsoft Baseline Security Analyzer (MBSA) 1.0 stores security scans in a known location C:\Documents and Settings\username\SecurityScans in plaintext, which could allow remote attackers to obtain sensitive information about the system via malicious active content such as ActiveX controls or Java. | ||||
| CVE-2002-1763 | 1 Sun | 1 Sunos | 2026-04-16 | N/A |
| The dtscreen Sun Solaris 8 CDE screensaver crashes when the "Shift" and "Return" keys are pressed repeatedly and quickly, which allows local users to access the current session. | ||||
| CVE-2002-1764 | 1 Adobe | 1 Acrobat Reader | 2026-04-16 | N/A |
| acroread in Adobe Acrobat Reader 4.05 on Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files. | ||||
| CVE-2002-1772 | 1 Novell | 1 Netware | 2026-04-16 | N/A |
| Novell Netware 5.0 through 5.1 may allow local users to gain "Domain Admin" rights by logging into a Novell Directory Services (NDS) account, and executing "net use" on an NDS_ADM account that is not in the NT domain but has domain access rights, which allows the user to enter a null password. | ||||
| CVE-2006-2258 | 1 Maxxcode | 1 Maxxschedule | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Logon.asp in MaxxSchedule 1.0 allows remote attackers to inject arbitrary web script or HTML via the Error parameter. | ||||
| CVE-2005-2097 | 3 Kde, Redhat, Xpdf | 3 Kpdf, Enterprise Linux, Xpdf | 2026-04-16 | N/A |
| xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information. | ||||
| CVE-2006-2260 | 1 Drupal | 1 Drupal | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the project module (project.module) in Drupal 4.5 and 4.6 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | ||||
| CVE-2006-4226 | 3 Mysql, Oracle, Redhat | 4 Mysql, Mysql, Enterprise Linux and 1 more | 2026-04-16 | N/A |
| MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions. | ||||
| CVE-2006-2263 | 1 Virtual Programming | 1 Vp-asp | 2026-04-16 | N/A |
| SQL injection vulnerability in shopcurrency.asp in VP-ASP 6.00 allows remote attackers to execute arbitrary SQL commands via the cid parameter. | ||||