Export limit exceeded: 360766 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29946 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29946 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-2101 | 1 Microsoft | 1 Outlook | 2026-04-16 | N/A |
| Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag. | ||||
| CVE-2002-2102 | 1 Jcraft | 1 Jzlib | 2026-04-16 | N/A |
| InfBlocks.java in JCraft JZlib before 0.0.7 allow remote attackers to cause a denial of service (NullPointerException) via an invalid block of deflated data. | ||||
| CVE-2002-2104 | 1 Ganglia | 1 Php Rrd Web Client | 2026-04-16 | N/A |
| graph.php in Ganglia PHP RRD Web Client 1.0.2 allows remote attackers to execute arbitrary commands via the command parameter, which is provided to the passthru function. | ||||
| CVE-2005-0219 | 1 Gallery Project | 1 Gallery | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Gallery 1.3.4-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the index field in add_comment.php, (2) set_albumName, (3) slide_index, (4) slide_full, (5) slide_loop, (6) slide_pause, (7) slide_dir fields in slideshow_low.php, or (8) username field in search.php. | ||||
| CVE-2002-2110 | 1 Rca | 1 Digital Cable Modem | 2026-04-16 | N/A |
| The RCA Digital Cable Modems DCM225 and DCM225E allow remote attackers to cause a denial of service (modem device reset) by connecting to port 80 on the 10.0.0.0/8 device. | ||||
| CVE-2002-2113 | 1 Agh | 1 Htmlsearch | 2026-04-16 | N/A |
| search.cgi in AGH HTMLsearch 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the template parameter. | ||||
| CVE-2002-2115 | 1 Hns | 2 Hns, Hns-lite | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Hyper NIKKI System (HNS) Lite before 0.9 and HNS before 2.10-pl2 allows remote attackers to inject arbitrary web script or HTML. | ||||
| CVE-2005-0229 | 1 Citrusdb | 1 Citrusdb Customer Database | 2026-04-16 | N/A |
| CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file under the web root, which allows remote attackers to steal credit card information via a direct request to newfile.txt. | ||||
| CVE-2006-3336 | 1 Twiki | 1 Twiki | 2026-04-16 | N/A |
| TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as ".php.en", ".php.1", and other allowed extensions that are not .txt. NOTE: this is only a vulnerability when the server allows script execution in the pub directory. | ||||
| CVE-2006-3338 | 1 Atlassian | 1 Jira | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Atlassian JIRA 3.6.2-#156 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a direct request to secure/ConfigureReleaseNote.jspa, which are not sanitized before being returned in an error page. | ||||
| CVE-2002-2163 | 1 Killervault | 1 Kvpoll | 2026-04-16 | N/A |
| KvPoll 1.1 allows remote authenticated users to vote more than once by setting the "already_voted" cookie by various methods, including a direct call to clear_cookies.php. | ||||
| CVE-2002-2172 | 1 Shana | 2 Informed Designer, Informed Filler | 2026-04-16 | N/A |
| Informed (1) Designer and (2) Filler 3.05 does not zero out newly allocated disk blocks as an encrypted file grows in size, which may allow attackers to obtain sensitive information. | ||||
| CVE-2002-2179 | 1 Unisys | 1 Clearpath Mcp | 2026-04-16 | N/A |
| The dynamic initialization feature of the ClearPath MCP environment allows remote attackers to cause a denial of service (crash) via a TCP port scan using a tool such as nmap. | ||||
| CVE-2002-2181 | 1 Sonicwall | 1 Content Filtering | 2026-04-16 | N/A |
| SonicWall Content Filtering allows local users to access prohibited web sites via requests to the web site's IP address instead of the domain name. | ||||
| CVE-2006-3342 | 1 Olate | 1 Arctic | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Arctic 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search cmd. | ||||
| CVE-2006-3348 | 1 Swsoft | 1 Hspcomplete | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in HSPcomplete 3.2.2 and 3.3 Beta and earlier allow remote attackers to execute arbitrary SQL commands via the (1) type parameter in report.php and (2) level parameter in custom_buttons.php. | ||||
| CVE-2006-3349 | 1 Sms Script | 1 Sms Script | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in SmS Script allow remote attackers to execute arbitrary SQL commands via the CatID parameter in (1) cat.php and (2) add.php. | ||||
| CVE-2006-3356 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-16 | N/A |
| The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and earlier allows remote user-assisted attackers to cause a denial of service (application crash) via an invalid tag value in a TIFF image, possibly triggering a null dereference. NOTE: This is a different issue than CVE-2006-1469. | ||||
| CVE-2005-0276 | 1 3com | 1 3cdaemon | 2026-04-16 | N/A |
| Multiple format string vulnerabilities in the FTP service in 3Com 3CDaemon 2.0 revision 10 allow remote attackers to cause a denial of service (application crash) via format string specifiers in (1) the username, (2) cd, (3) delete, (4) rename, (5) rmdir, (6) literal, (7) stat, or (8) CWD commands. | ||||
| CVE-2005-0286 | 1 Emotion | 1 Mediapartner Web Server | 2026-04-16 | N/A |
| eMotion MediaPartner Web Server 5.0 and 5.1 allows remote attackers to obtain sensitive information via an HTTP request for a .bhtml file that contains a (1) . (dot) or (2) + (plus sign) at the end, which returns the source code for that file. | ||||