Search Results (363165 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-0498 1 Etnus 1 Totalview 2026-04-16 N/A
Etnus TotalView 5.0.0-4 installs certain files with UID 5039 and GID 59, which could allow local users with that UID or GID to modify the files and gain privileges as other TotalView users.
CVE-2002-0502 1 Citrix 1 Nfuse 2026-04-16 N/A
Citrix NFuse 1.6 may allow remote attackers to list applications without authentication by accessing the applist.asp page.
CVE-2002-0505 1 Cisco 1 Call Manager 2026-04-16 N/A
Memory leak in the Call Telephony Integration (CTI) Framework authentication for Cisco CallManager 3.0 and 3.1 before 3.1(3) allows remote attackers to cause a denial of service (crash and reload) via a series of authentication failures, e.g. via incorrect passwords.
CVE-2004-0341 1 Texas Imperial Software 1 Wftpd 2026-04-16 N/A
WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a 0Ah byte (newline) is sent, which allows local users to cause a denial of service (CPU consumption) by continuing to send a long command that does not contain a newline.
CVE-2002-0506 1 Redhat 1 Linux 2026-04-16 N/A
Buffer overflow in newt.c of newt windowing library (libnewt) 0.50.33 and earlier may allow attackers to cause a denial of service or execute arbitrary code in setuid programs that use libnewt.
CVE-2002-0515 1 Phildev 1 Ipfilter 2026-04-16 N/A
IPFilter 3.4.25 and earlier sets a different TTL when a port is being filtered than when it is not being filtered, which allows remote attackers to identify filtered ports by comparing TTLs.
CVE-2002-0520 1 Asp-nuke 1 Asp-nuke 2026-04-16 N/A
Cross-site scripting vulnerability in functions-inc.asp for ASP-Nuke RC1 allows remote attackers to execute script as other ASP-Nuke users by embedding it within an IMG tag.
CVE-2004-0342 1 Wftpd Pro Server Project 1 Wftpd Pro Server 2026-04-16 5.5 Medium
WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a null character, possibly due to an off-by-one error.
CVE-2004-0935 11 Archive Zip, Broadcom, Ca and 8 more 23 Archive Zip, Brightstor Arcserve Backup, Etrust Antivirus and 20 more 2026-04-16 N/A
Eset Anti-Virus before 1.020 (16th September 2004) allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVE-2002-0528 1 Watchguard 1 Soho Firewall 2026-04-16 N/A
Watchguard SOHO firewall 5.0.35 unpredictably disables certain IP restrictions for customized services that were set before the administrator upgrades to 5.0.35, which could allow remote attackers to bypass the intended access control rules.
CVE-2006-4738 1 Jetbox 1 Jetbox Cms 2026-04-16 N/A
PHP remote file inclusion vulnerability in phpthumb.php in Jetbox CMS allows remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter. NOTE: The relative_script_path vector is already covered by CVE-2006-2270.
CVE-2004-0300 1 Ecommerce Corporation Online 1 Store Kit 2026-04-16 N/A
SQL injection vulnerability in Online Store Kit 3.0 allows remote attackers to inject arbitrary SQL and gain unauthorized access via (1) the cat parameter in shop.php, (2) the id parameter in more.php, (3) the cat_manufacturer parameter in shop_by_brand.php, or (4) the id parameter in listing.php.
CVE-2004-0297 1 Ipswitch 1 Imail 2026-04-16 N/A
Buffer overflow in the Lightweight Directory Access Protocol (LDAP) daemon (iLDAP.exe 3.9.15.10) in Ipswitch IMail Server 8.03 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via an LDAP message with a large tag length.
CVE-2002-0415 1 Realnetworks 1 Realplayer 2026-04-16 N/A
Directory traversal vulnerability in the web server used in RealPlayer 6.0.7, and possibly other versions, may allow local users to read files that are accessible to RealPlayer via a .. (dot dot) in an HTTP GET request to port 1275.
CVE-2004-0292 1 Karjasoft 1 Sami Http Server 2026-04-16 N/A
Buffer overflow in KarjaSoft Sami HTTP Server 1.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.
CVE-2002-0414 3 Freebsd, Netbsd, Openbsd 3 Freebsd, Netbsd, Openbsd 2026-04-16 N/A
KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems, does not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to forward forged IPv4 packets.
CVE-2002-0413 1 Rebb 1 Rebb 2026-04-16 N/A
Cross-site scripting vulnerability in ReBB allows remote attackers to execute arbitrary Javascript and steal cookies via an IMG tag whose URL includes the malicious script.
CVE-2002-0411 1 Aeromail 1 Aeromail 2026-04-16 N/A
Cross-site scripting vulnerability in message.php for AeroMail before 1.45 allows remote attackers to execute Javascript as an AeroMail user via an email message with the script in the Subject line.
CVE-2002-0410 1 Aeromail 1 Aeromail 2026-04-16 N/A
send_message.php in AeroMail before 1.45 allows remote attackers to read arbitrary files on the server, instead of just uploaded files, via an attachment that modifies the filename to be uploaded.
CVE-2002-0409 1 Microsoft 1 .net Framework 2026-04-16 N/A
orderdetails.aspx, as made available to Microsoft .NET developers as example code and demonstrated on www.ibuyspystore.com, allows remote attackers to view the orders of other users by modifying the OrderID parameter.