Search Results (362653 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4859 1 Chitta 1 Mimicboard 2026-04-16 N/A
mimicboard2 (Mimic2) 086 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mimic2.dat.
CVE-2006-4943 1 Moodle 1 Moodle 2026-04-16 N/A
course/jumpto.php in Moodle before 1.6.2 does not validate the session key (sesskey) before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter.
CVE-2006-4937 1 Moodle 1 Moodle 2026-04-16 N/A
lib/setup.php in Moodle before 1.6.2 sets the error reporting level to 7 to display E_WARNING messages to users even if debugging is disabled, which might allow remote authenticated users to obtain sensitive information by triggering the messages.
CVE-2006-3816 1 Krusader 1 Krusader 2026-04-16 N/A
Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote connections in cleartext in the bookmark file (krbookmarks.xml), which allows attackers to steal passwords by obtaining the file.
CVE-2006-3814 1 Cheese Tracker 1 Cheese Tracker 2026-04-16 N/A
Buffer overflow in the Loader_XM::load_instrument_internal function in loader_xm.cpp for Cheese Tracker 0.9.9 and earlier allows user-assisted attackers to execute arbitrary code via a crafted file with a large amount of extra data.
CVE-2006-2580 1 Hp 1 Openview Network Node Manager 2026-04-16 N/A
Multiple unspecified vulnerabilities in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allow remote attackers to gain privileged access, execute arbitrary commands, or create arbitrary files via unknown vectors.
CVE-2006-2577 1 Docebo 1 Docebo 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) where_cms, (2) where_lms, (3) where_upgrade, (4) BBC_LIB_PATH, and (5) BBC_LANGUAGE_PATH parameters in various unspecified scripts. NOTE: the provenance of some of this information is unknown; the details are obtained solely from third party information.
CVE-2002-2111 1 Gianni Tedesco 1 Fwmon 2026-04-16 N/A
Fwmon before 1.0.10 allows remote attackers to cause a denial of service (crash) by causing the kernel to return a large packet.
CVE-2004-0715 1 Bea 1 Weblogic Server 2026-04-16 N/A
The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which allows group members to gain privileges.
CVE-2002-2112 1 Rca 1 Digital Cable Modem 2026-04-16 N/A
RCA Digital Cable Modem DCM225 and DCM225E, and other modems that must conform to the Data-over-Cable Service Interface Specifications DOCSIS standard, uses the "public" community string for SNMP access, which allows remote attackers to read or write MIB information.
CVE-2002-2113 1 Agh 1 Htmlsearch 2026-04-16 N/A
search.cgi in AGH HTMLsearch 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the template parameter.
CVE-2004-0716 1 Hp 1 Hp-ux 2026-04-16 N/A
Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper (epmap) on HP-UX 11 allows remote attackers to execute arbitrary code via a request with a small fragment length and a large amount of data.
CVE-2002-2121 1 Surfcontrol 1 Superscout Email Filter 2026-04-16 N/A
SurfControl SuperScout Email filter for SMTP 3.5.1 allows remote attackers to cause a denial of service (crash) via a long SMTP (1) HELO or (2) RCPT TO command, possibly due to a buffer overflow.
CVE-2002-2122 1 Pointsec Mobile Technologies 1 Pointsec 2026-04-16 N/A
Pointsec before 1.2 for PalmOS stores a user's PIN number in memory in plaintext, which allows a local attacker who steals an unlocked Palm to retrieve the PIN by dumping memory.
CVE-2002-2124 1 Nylon 1 Nylon 2026-04-16 N/A
The recvn and sendn functions in nylon 0.2 do not check when the recv function call returns 0, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) by closing the connection while recv is executing.
CVE-2004-0960 2 Freeradius, Redhat 3 Freeradius, Enterprise Linux, Fedora Core 2026-04-16 N/A
FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument.
CVE-2002-2126 1 Pedestal Software 1 Integrity Protection Driver 2026-04-16 N/A
restrictEnabled in Integrity Protection Driver (IPD) 1.2 delays driver installation for 20 minutes, which allows local users to insert malicious code by setting system clock to an earlier time.
CVE-2005-2738 1 Sun 1 Java 2026-04-16 N/A
Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X does not prevent multiple programs from opening the same port as a Java ServerSocket, which allows local users to operate a Java program that intercepts network data intended for the ServerSocket of a different Java program.
CVE-2002-2127 1 Pedestal Software 1 Integrity Protection Driver 2026-04-16 N/A
Integrity Protection Driver (IPD) 1.2 and earlier blocks access to \Device\PhysicalMemory by its name, which could allow local privileged processes to overwrite kernel memory by accessing the device through a symlink.
CVE-2004-0718 4 Firebirdsql, Mozilla, Netscape and 1 more 4 Firebird, Mozilla, Navigator and 1 more 2026-04-16 N/A
The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.