Search Results (362446 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-1352 1 Per Magne Knutsen 1 Cartman 2026-04-16 N/A
Per Magne Knutsen's CartMan shopping cart (cartman.php) 1.04 and earlier allows remote attackers to modify product prices by changing the price parameter.
CVE-2002-1347 3 Apple, Cyrusimap, Redhat 4 Mac Os X, Mac Os X Server, Cyrus Sasl and 1 more 2026-04-16 9.8 Critical
Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string.
CVE-2002-1344 3 Gnu, Redhat, Sun 4 Wget, Enterprise Linux, Linux and 1 more 2026-04-16 N/A
Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) .. (dot dot) sequences.
CVE-2005-4388 1 Contens 1 Contens 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.cfm in CONTENS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the near parameter.
CVE-2003-1461 1 Hp 1 Hp-ux 2026-04-16 N/A
Buffer overflow in rwrite for HP-UX 11.0 could allow local users to execute arbitrary code via a long argument. NOTE: the vendor was unable to reproduce the problem on a system that had been patched for an lp vulnerability (CVE-2002-1473).
CVE-2002-1341 2 Redhat, Squirrelmail 2 Linux, Squirrelmail 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters.
CVE-2003-1435 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote attackers to execute arbitrary SQL commands via the days parameter to the search module.
CVE-2002-1336 2 Redhat, Tightvnc 3 Enterprise Linux, Linux, Tightvnc 2026-04-16 N/A
TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.
CVE-2004-0496 5 Gentoo, Linux, Mandrakesoft and 2 more 13 Linux, Linux Kernel, Mandrake Linux and 10 more 2026-04-16 N/A
Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of vulnerabilities than those identified in CVE-2004-0495, as found by the Sparse source code checking tool.
CVE-2002-1322 1 Rational Software 1 Clearcase 2026-04-16 N/A
Rational ClearCase 4.1, 2002.05, and possibly other versions allows remote attackers to cause a denial of service (crash) via certain packets to port 371, e.g. via nmap.
CVE-2001-1496 1 Acme 1 Thttpd 2026-04-16 9.8 Critical
Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20 allows remote attackers to cause a denial of service and possibly execute arbitrary code.
CVE-2002-0051 1 Microsoft 1 Windows 2000 2026-04-16 7.8 High
Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access.
CVE-2006-3334 1 Greg Roelofs 1 Libpng 2026-04-16 N/A
Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name".
CVE-2002-0257 2 Apache, Usanet Creations 2 Http Server, Makebid Auction Deluxe 2026-04-16 N/A
Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4.
CVE-2004-1448 1 Jetbox 1 Jetbox One Cms 2026-04-16 N/A
Jetbox One 2.0.8 and possibly other versions allow remote attackers with Author privileges in the IMAGES module to upload PHP files and execute arbitrary code.
CVE-2006-3393 1 Electronic Arts 1 Nascar Racing 2026-04-16 N/A
Papyrus NASCAR Racing 4 4.1.3.1.6 and earlier, 2002 Season 1.1.0.2 and earlier, and 2003 Season 1.2.0.1 and earlier allows remote attackers to cause a denial of service (CPU consumption) by sending an empty UDP datagram, which is not properly discarded due to use of the FIONREAD asynchronous socket.
CVE-2006-3395 1 Webdesignhq 1 Sitebuilder-fx 2026-04-16 N/A
PHP remote file inclusion vulnerability in top.php in SiteBuilder-FX 3.5 allows remote attackers to execute arbitrary PHP code via a URL in the admindir parameter.
CVE-2004-1763 1 Haht Commerce 1 Hahtsite Scenario Server 2026-04-16 N/A
Buffer overflow in hsrun.exe for HAHTsite Scenario Server 5.1 Patch 06 (build 91) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long project name.
CVE-2004-1765 1 Mod Security 1 Mod Security 2026-04-16 N/A
Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
CVE-2006-3409 1 Tor 1 Tor 2026-04-16 N/A
Integer overflow in Tor before 0.1.1.20 allows remote attackers to execute arbitrary code via crafted large inputs, which result in a buffer overflow when elements are added to smartlists.