Search Results (366888 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-2082 1 Floosietek 2 Ftgateoffice, Ftgatepro 2026-04-16 N/A
FTGate and FTGate Pro 1.05 lock user mailboxes before authentication succeeds, which allows remote attackers to lock the mailboxes of other users.
CVE-2003-0809 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page.
CVE-2002-2077 1 Microsoft 1 Windows 2000 2026-04-16 N/A
The DCOM client in Windows 2000 before SP3 does not properly clear memory before sending an "alter context" request, which may allow remote attackers to obtain sensitive information by sniffing the session.
CVE-2002-2060 1 Twibright Labs 1 Links 2026-04-16 N/A
Buffer overflow in Links 2.0 pre4 allows remote attackers to crash client browsers and possibly execute arbitrary code via gamma tables in large 16-bit PNG images.
CVE-2002-2022 1 Kaffe 1 Kaffe Openvm 2026-04-16 N/A
Format string vulnerability in Kaffe OpenVM 1.0.6 and earlier allows local users to execute arbitrary code, when a java.lang.NoClassDefFoundError is thrown, via format specifiers in the forName attribute.
CVE-2003-0803 1 Nokia 1 Electronic Documentation 2026-04-16 N/A
Nokia Electronic Documentation (NED) 5.0 allows remote attackers to use NED as an open HTTP proxy via a URL in the location parameter, which NED accesses and returns to the user.
CVE-2003-0794 1 Gnome 1 Gdm 2026-04-16 N/A
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results.
CVE-2003-0789 2 Apache, Redhat 2 Http Server, Linux 2026-04-16 N/A
mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
CVE-2002-2017 1 Sas 2 Base, Integration Technologies 2026-04-16 N/A
sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd.
CVE-2002-2009 1 Apache 1 Tomcat 2026-04-16 N/A
Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
CVE-2002-2000 1 Compaq 1 Acms 2026-04-16 N/A
ACMS 4.3 and 4.4 in OpenVMS Alpha 7.2 and 7.3 does not properly use process privileges, which allows attackers to access data.
CVE-2003-0779 1 Digium 1 Asterisk 2026-04-16 N/A
SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string.
CVE-2003-0773 2 Redhat, Sane 4 Enterprise Linux, Linux, Sane and 1 more 2026-04-16 N/A
saned in sane-backends 1.0.7 and earlier does not check the IP address of the connecting host during the SANE_NET_INIT RPC call, which allows remote attackers to use that call even if they are restricted in saned.conf.
CVE-2001-1550 1 Centra 3 Asp, Centraone, Smart Connect 2026-04-16 N/A
CentraOne 5.2 and Centra ASP with basic authentication enabled creates world-writable base64 encoded log files, which allows local users to obtain cleartext passwords from decoded log files and impersonate users.
CVE-2003-0769 1 Mirabilis 1 Icq 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the ICQ Web Front guestbook (guestbook.html) allows remote attackers to insert arbitrary web script and HTML via the message field.
CVE-2003-0768 1 Microsoft 1 Asp.net 2026-04-16 N/A
Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name.
CVE-2003-0752 1 Attila-php.net 1 Attilaphp 2026-04-16 N/A
SQL injection vulnerability in global.php3 of AttilaPHP 3.0, and possibly earlier versions, allows remote attackers to bypass authentication via a modified cook_id parameter.
CVE-2003-0739 1 Vmware 1 Workstation 2026-04-16 N/A
VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows local users to delete arbitrary files via a symlink attack.
CVE-2003-0734 1 Padl Software 1 Pam Ldap 2026-04-16 N/A
Unknown vulnerability in the pam_filter mechanism in pam_ldap before version 162, when LDAP based authentication is being used, allows users to bypass host-based access restrictions and log onto the system.
CVE-2003-0722 1 Sun 1 Solaris 2026-04-16 N/A
The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets.