Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-0394 1 Red-m 1 1050ap Lan Acess Point 2026-04-16 N/A
Red-M 1050 (Bluetooth Access Point) uses case insensitive passwords, which makes it easier for attackers to conduct a brute force guessing attack due to the smaller space of possible passwords.
CVE-2002-0395 1 Red-m 1 1050ap Lan Acess Point 2026-04-16 N/A
The TFTP server for Red-M 1050 (Bluetooth Access Point) can not be disabled and makes it easier for remote attackers to crack the administration password via brute force methods.
CVE-2004-0278 1 Ratbag 5 Dirt Track Racing, Dirt Track Racing Australia, Dirt Track Racing Sprint Cars and 2 more 2026-04-16 N/A
Ratbag game engine, as used in products such as Dirt Track Racing, Leadfoot, and World of Outlaws Spring Cars, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet that specifies the length of data to read and then sends a second TCP packet that contains less data than specified, which causes Ratbag to repeatedly check the socket for more data.
CVE-2004-0281 1 Caucho 1 Resin 2026-04-16 N/A
Caucho Technology Resin 2.1.12 allows remote attackers to gain sensitive information and view the contents of the /WEB-INF/ directory via an HTTP request for "WEB-INF..", which is equivalent to "WEB-INF" in Windows.
CVE-2002-0406 1 Menasoft 1 Sphereserver 2026-04-16 N/A
Menasoft SPHERE server 0.99x and 0.5x allows remote attackers to cause a denial of service by establishing a large number of connections to the server without providing login credentials, which prevents other users from being able to log in.
CVE-2004-0283 1 Mailmgr 1 Mailmgr 2026-04-16 N/A
Mailmgr 1.2.3 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/mailmgr.unsort, (2) /tmp/mailmgr.tmp, or (3) /tmp/mailmgr.sort.
CVE-2002-0407 1 Lotus 1 Domino 2026-04-16 N/A
htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message.
CVE-2002-0409 1 Microsoft 1 .net Framework 2026-04-16 N/A
orderdetails.aspx, as made available to Microsoft .NET developers as example code and demonstrated on www.ibuyspystore.com, allows remote attackers to view the orders of other users by modifying the OrderID parameter.
CVE-2002-0410 1 Aeromail 1 Aeromail 2026-04-16 N/A
send_message.php in AeroMail before 1.45 allows remote attackers to read arbitrary files on the server, instead of just uploaded files, via an attachment that modifies the filename to be uploaded.
CVE-2002-0411 1 Aeromail 1 Aeromail 2026-04-16 N/A
Cross-site scripting vulnerability in message.php for AeroMail before 1.45 allows remote attackers to execute Javascript as an AeroMail user via an email message with the script in the Subject line.
CVE-2002-0413 1 Rebb 1 Rebb 2026-04-16 N/A
Cross-site scripting vulnerability in ReBB allows remote attackers to execute arbitrary Javascript and steal cookies via an IMG tag whose URL includes the malicious script.
CVE-2002-0414 3 Freebsd, Netbsd, Openbsd 3 Freebsd, Netbsd, Openbsd 2026-04-16 N/A
KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems, does not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to forward forged IPv4 packets.
CVE-2004-0292 1 Karjasoft 1 Sami Http Server 2026-04-16 N/A
Buffer overflow in KarjaSoft Sami HTTP Server 1.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.
CVE-2002-0415 1 Realnetworks 1 Realplayer 2026-04-16 N/A
Directory traversal vulnerability in the web server used in RealPlayer 6.0.7, and possibly other versions, may allow local users to read files that are accessible to RealPlayer via a .. (dot dot) in an HTTP GET request to port 1275.
CVE-2004-0297 1 Ipswitch 1 Imail 2026-04-16 N/A
Buffer overflow in the Lightweight Directory Access Protocol (LDAP) daemon (iLDAP.exe 3.9.15.10) in Ipswitch IMail Server 8.03 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via an LDAP message with a large tag length.
CVE-2004-0300 1 Ecommerce Corporation Online 1 Store Kit 2026-04-16 N/A
SQL injection vulnerability in Online Store Kit 3.0 allows remote attackers to inject arbitrary SQL and gain unauthorized access via (1) the cat parameter in shop.php, (2) the id parameter in more.php, (3) the cat_manufacturer parameter in shop_by_brand.php, or (4) the id parameter in listing.php.
CVE-2006-4738 1 Jetbox 1 Jetbox Cms 2026-04-16 N/A
PHP remote file inclusion vulnerability in phpthumb.php in Jetbox CMS allows remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter. NOTE: The relative_script_path vector is already covered by CVE-2006-2270.
CVE-2004-0302 1 Fools Workshop 1 Owls Workshop 2026-04-16 N/A
Directory traversal vulnerability in OWLS 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter in index.php, (2) editfile in glossary.php, or (3) editfile in newmultiplechoice.php.
CVE-2002-0487 1 Workforceroi 1 Xpede 2026-04-16 N/A
Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading the password from the source file, e.g. from the browser's cache.
CVE-2004-0328 1 Gigabyte 1 Gn-b46b 2026-04-16 N/A
Gigabyte Gn-B46B 2.4Ghz wireless broadband router firmware 1.003.00 allows local users on the same local network as the router to bypass authentication by using a copy of the router's html menu on a separate system.