Search Results (362534 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-0595 4 Avaya, Php, Redhat and 1 more 11 Converged Communications Server, Integrated Management, S8300 and 8 more 2026-04-16 N/A
The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.
CVE-2002-1897 1 Mywebserver 1 Mywebserver 2026-04-16 N/A
MyWebServer LLC MyWebServer 1.0.2 allows remote attackers to cause a denial of service (crash) via a long HTTP request, possibly triggering a buffer overflow.
CVE-2004-0596 1 Linux 1 Linux Kernel 2026-04-16 N/A
The Equalizer Load-balancer for serial network interfaces (eql.c) in Linux kernel 2.6.x up to 2.6.7 allows local users to cause a denial of service via a non-existent device name that triggers a null dereference.
CVE-2002-1899 1 Icewarp 1 Web Mail 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in IceWarp Web Mail 3.3.3 and 3.4.5 allows remote attackers to inject arbitrary web script or HTML via the "Full Name" (addressname) parameter.
CVE-2004-0597 3 Greg Roelofs, Microsoft, Redhat 7 Libpng, Msn Messenger, Windows 98se and 4 more 2026-04-16 N/A
Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.
CVE-2002-1902 1 Markus Triska 1 Cgiforum 2026-04-16 N/A
CGIForum 1.0 through 1.05 allows remote attackers to cause a denial of service (infinite recursion) by creating a message board post that is a child of an outdated parent.
CVE-2002-1905 1 Polycom 1 Viavideo 2026-04-16 N/A
Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (crash) via a long HTTP GET request.
CVE-2002-1906 1 Polycom 1 Viavideo 2026-04-16 N/A
The web server for Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (CPU consumption) by sending incomplete HTTP requests and leaving the connections open.
CVE-2002-1908 1 Microsoft 1 Internet Information Services 2026-04-16 N/A
Microsoft IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with a Host header that contains a large number of "/" (forward slash) characters.
CVE-2004-0601 1 Distcc 1 Distcc 2026-04-16 N/A
distcc before 2.16, when running on 64-bit platforms, does not interpret IP-based access control rules correctly, which could allow remote attackers to bypass intended restrictions.
CVE-2002-1911 1 Zonelabs 1 Zonealarm 2026-04-16 N/A
ZoneAlarm Pro 3.0 and 3.1, when configured to block all traffic, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of SYN packets (SYN flood). NOTE: the vendor was not able to reproduce the issue.
CVE-2002-1914 2 Dump Project, Redhat 2 Dump, Enterprise Linux 2026-04-16 5.5 Medium
dump 0.4 b10 through b29 allows local users to cause a denial of service (execution prevention) by using flock() to lock the /etc/dumpdates file.
CVE-2002-1917 1 Geeklog 1 Geeklog 2026-04-16 N/A
CRLF injection vulnerability in the "User Profile: Send Email" feature in Geeklog 1.35 and 1.3.5sr1 allows remote attackers to obtain e-mail addresses by injecting a CRLF into the Subject field and adding a BCC mail header.
CVE-2002-1919 1 Virtual Programming 1 Vp-asp 2026-04-16 N/A
SQL injection vulnerability in shopadmin.asp in VP-ASP 4.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password fields.
CVE-2002-1923 1 Oracle 1 Mysql 2026-04-16 N/A
The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection.
CVE-2004-0604 2 Gentoo, Gift-fasttrack 2 Linux, Gift-fasttrack 2026-04-16 N/A
The HTTP client and server in giFT-FastTrack 0.8.6 and earlier allows remote attackers to cause a denial of service (crash), possibly via an empty search query, which triggers a NULL dereference.
CVE-2002-1926 1 Aquonics Scripting 1 Aquonics File Manager 2026-04-16 N/A
Directory traversal vulnerability in source.php in Aquonics File Manager 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP query string.
CVE-2002-1929 1 Php Arena 1 Pafiledb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in pafiledb.php in PHP Arena paFileDB 1.1.3 through 3.0 allows remote attackers to inject arbitrary web script or HTML via the query string in the (1) rate, (2) email, or (3) download actions.
CVE-2002-1930 1 An 1 An-httpd 2026-04-16 N/A
Buffer overflow in AN HTTPd 1.38 through 1.4.1c allows remote attackers to execute arbitrary code via a SOCKS4 request with a long username.
CVE-2004-0606 1 Infoblox 1 Dns One Appliance 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Infoblox DNS One running firmware 2.4.0-8 and earlier allows remote attackers to execute arbitrary scripts as other users via the (1) CLIENTID or (2) HOSTNAME option of a DHCP request.