Search Results (363163 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-0468 2 Ecartis, Listar 2 Ecartis, Listar 2026-04-16 N/A
Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot 20020427 and earlier allow local users to gain privileges via (1) a long command line argument, which is not properly handled in core.c, or possibly via bad uses of sprintf() in (2) moderate.c, (3) lcgi.c, (4) fileapi.c, (5) cookie.c, (6) codes.c, or other files.
CVE-2001-1259 1 Avaya 1 Argent Office 2026-04-16 N/A
Avaya Argent Office allows remote attackers to cause a denial of service by sending UDP packets to port 53 with no payload.
CVE-2006-4753 1 Comscripts 1 Phprog 2026-04-16 N/A
Directory traversal vulnerability in index.php in PHProg before 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.
CVE-2002-0470 1 Phpnettoolpack 1 Phpnettoolpack 2026-04-16 N/A
PHPNetToolpack 0.1 relies on its environment's PATH to find and execute the traceroute program, which could allow local users to gain privileges by inserting a Trojan horse program into the search path.
CVE-2002-0473 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter.
CVE-2004-0324 1 Confirm 1 Confirm 2026-04-16 N/A
Confirm 0.62 and earlier could allow remote attackers to execute arbitrary code via an e-mail header that contains shell metacharacters such as ", `, |, ;, or $.
CVE-2002-0479 1 Gravity Storm Software 1 Service Pack Manager 2000 2026-04-16 N/A
Gravity Storm Service Pack Manager 2000 creates a hidden share (SPM2000c$) mapped to the C drive, which may allow local users to bypass access restrictions on certain directories in the C drive, such as system32, by accessing them through the hidden share.
CVE-2002-0480 1 Iss 1 Realsecure Nokia 2026-04-16 N/A
ISS RealSecure for Nokia devices before IPSO build 6.0.2001.141d is configured to allow a user "skank" on a machine "starscream" to become a key manager when the "first time connection" feature is enabled and before any legitimate administrators have connected, which could allow remote attackers to gain access to the device during installation.
CVE-2002-0484 1 Php 1 Php 2026-04-16 N/A
move_uploaded_file in PHP does not does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system.
CVE-2004-0327 1 Skintech 1 Phpnewsmanager 2026-04-16 N/A
Directory traversal vulnerability in functions.php in PhpNewsManager 1.46 allows remote attackers to retrieve arbitrary files via .. (dot dot) sequences in the clang parameter.
CVE-2002-0487 1 Workforceroi 1 Xpede 2026-04-16 N/A
Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading the password from the source file, e.g. from the browser's cache.
CVE-2004-0328 1 Gigabyte 1 Gn-b46b 2026-04-16 N/A
Gigabyte Gn-B46B 2.4Ghz wireless broadband router firmware 1.003.00 allows local users on the same local network as the router to bypass authentication by using a copy of the router's html menu on a separate system.
CVE-2002-0489 1 Linux Directory Penguin 1 Nslookup 2026-04-16 N/A
Linux Directory Penguin NsLookup CGI script (nslookup.pl) 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the (1) query or (2) type parameters.
CVE-2004-0330 1 Solarwinds 1 Serv-u File Server 2026-04-16 N/A
Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticated users to execute arbitrary code via a long time zone argument to the MDTM command.
CVE-2002-0490 1 Instant Web Mail 1 Instant Web Mail 2026-04-16 N/A
Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php.
CVE-2002-0491 1 Alguest 1 Alguest 2026-04-16 N/A
admin.php in AlGuest 1.0 guestbook checks for the existence of the admin cookie to authenticate the AlGuest administrator, which allows remote attackers to bypass the authentication and gain privileges by setting the admin cookie to an arbitrary value.
CVE-2002-0497 1 Mtr 1 Mtr 2026-04-16 N/A
Buffer overflow in mtr 0.46 and earlier, when installed setuid root, allows local users to access a raw socket via a long MTR_OPTIONS environment variable.
CVE-2004-0340 1 Texas Imperial Software 1 Wftpd 2026-04-16 N/A
Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro Server 3.20 Release 2, Server 3.21 Release 1, and Server 3.10 allows local users to execute arbitrary code via long (1) LIST, (2) NLST, or (3) STAT commands.
CVE-2002-0498 1 Etnus 1 Totalview 2026-04-16 N/A
Etnus TotalView 5.0.0-4 installs certain files with UID 5039 and GID 59, which could allow local users with that UID or GID to modify the files and gain privileges as other TotalView users.
CVE-2002-0502 1 Citrix 1 Nfuse 2026-04-16 N/A
Citrix NFuse 1.6 may allow remote attackers to list applications without authentication by accessing the applist.asp page.