Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-0038 1 Sgi 1 Irix 2026-04-16 N/A
Vulnerability in the cache-limiting function of the unified name service daemon (nsd) in IRIX 6.5.4 through 6.5.11 allows remote attackers to cause a denial of service by forcing the cache to fill the disk.
CVE-2002-0043 2 Redhat, Todd Miller 3 Linux, Powertools, Sudo 2026-04-16 N/A
sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked.
CVE-2005-4170 1 Efiction Project 1 Efiction 2026-04-16 N/A
SQL injection vulnerability in eFiction 1.1 allows remote attackers to execute arbitrary SQL commands via the uid parameter to viewuser.php.
CVE-2002-0048 2 Andrew Tridgell, Redhat 2 Rsync, Linux 2026-04-16 N/A
Multiple signedness errors (mixed signed and unsigned numbers) in the I/O functions of rsync 2.4.6, 2.3.2, and other versions allow remote attackers to cause a denial of service and execute arbitrary code in the rsync client or server.
CVE-2002-0056 1 Microsoft 1 Sql Server 2026-04-16 N/A
Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to execute arbitrary code via a long OLE DB provider name to (1) OpenDataSource or (2) OpenRowset in an ad hoc connection.
CVE-2002-0058 2 Microsoft, Sun 4 Virtual Machine, Jdk, Jre and 1 more 2026-04-16 N/A
Vulnerability in Java Runtime Environment (JRE) allows remote malicious web sites to hijack or sniff a web client's sessions, when an HTTP proxy is being used, via a Java applet that redirects the session to another server, as seen in (1) Netscape 6.0 through 6.1 and 4.79 and earlier, (2) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, and possibly other implementations that use vulnerable versions of SDK or JDK.
CVE-2002-0064 2 Bindview, Funk Software 2 Netrc, Funk Software Proxy 2026-04-16 N/A
Funk Software Proxy Host 3.x is installed with insecure permissions for the registry and the file system.
CVE-2006-4684 1 Zope 1 Zope 2026-04-16 N/A
The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458.
CVE-2002-0066 2 Bindview, Funk Software 2 Netrc, Funk Software Proxy 2026-04-16 N/A
Funk Software Proxy Host 3.x before 3.09A creates a Named Pipe that does not require authentication and is installed with insecure access control, which allows local and possibly remote users to use the Proxy Host's configuration utilities and gain privileges.
CVE-2004-0113 2 Apache, Redhat 3 Http Server, Enterprise Linux, Linux 2026-04-16 N/A
Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
CVE-2002-0207 1 Realnetworks 2 Realone Player, Realplayer Intranet 2026-04-16 N/A
Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows remote attackers to execute arbitrary code via a header length value that exceeds the actual length of the header.
CVE-2004-0211 1 Microsoft 1 Windows 2003 Server 2026-04-16 N/A
The kernel for Microsoft Windows Server 2003 does not reset certain values in CPU data structures, which allows local users to cause a denial of service (system crash) via a malicious program.
CVE-2002-0210 1 Tolis Group 1 Bru 2026-04-16 N/A
setlicense for TOLIS Group Backup and Restore Utility (BRU) 17.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/brutest.$$ temporary file.
CVE-2002-0211 1 Tarantella 1 Tarantella Enterprise 2026-04-16 N/A
Race condition in the installation script for Tarantella Enterprise 3 3.01 through 3.20 creates a world-writeable temporary "gunzip" program before executing it, which could allow local users to execute arbitrary commands by modifying the program before it is executed.
CVE-2002-0213 2 Sgi, Xinet 2 Irix, K-ashare 2026-04-16 N/A
xkas in Xinet K-AShare 0.011.01 for IRIX allows local users to read arbitrary files via a symlink attack on the VOLICON file, which is copied to the .HSicon file in a shared directory.
CVE-2004-0212 2 Avaya, Microsoft 8 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 5 more 2026-04-16 N/A
Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.
CVE-2002-0214 1 Intel 1 Intel Pro Wireless 2011b Lan Usb Device Driver 2026-04-16 N/A
Compaq Intel PRO/Wireless 2011B LAN USB Device Driver 1.5.16.0 through 1.5.18.0 stores the 128-bit WEP (Wired Equivalent Privacy) key in plaintext in a registry key with weak permissions, which allows local users to decrypt network traffic by reading the WEP key from the registry key.
CVE-2004-0216 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.
CVE-2002-0223 2 Infopop, Wired Community Software 2 Ultimate Bulletin Board, Wwwthreads 2026-04-16 N/A
Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 through 5.0.9 allows remote attackers to upload arbitrary files by using a filename that contains an accepted extension, but ends in a different extension.
CVE-2002-0224 1 Microsoft 3 Internet Information Services, Sql Server, Windows 2000 2026-04-16 N/A
The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.