Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-0644 1 Microsoft 2 Data Engine, Sql Server 2026-04-16 N/A
Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows members of the db_owner and db_ddladmin roles to execute arbitrary code.
CVE-2002-0648 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
The legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file.
CVE-2002-0650 1 Microsoft 1 Sql Server 2026-04-16 N/A
The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop.
CVE-2002-0652 1 Sgi 1 Irix 2026-04-16 N/A
xfsmd for IRIX 6.5 through 6.5.16 allows remote attackers to execute arbitrary code via shell metacharacters that are not properly filtered from several calls to the popen() function, such as export_fs().
CVE-2002-0654 1 Apache 1 Http Server 2026-04-16 N/A
Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
CVE-2002-1231 1 Caldera 2 Openunix, Unixware 2026-04-16 N/A
SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to cause a denial of service via an rcp call on /proc.
CVE-2006-4780 1 Phpbbxs 1 Phpbb Xs 2026-04-16 N/A
PHP remote file inclusion vulnerability in includes/functions.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2002-0659 4 Apple, Openssl, Oracle and 1 more 8 Mac Os X, Openssl, Application Server and 5 more 2026-04-16 N/A
The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.
CVE-2002-0660 2 Greg Roelofs, Redhat 4 Libpng, Libpng3, Enterprise Linux and 1 more 2026-04-16 N/A
Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 1.2.1-1.1.woody.2 on Debian GNU/Linux 3.0, and other operating systems, may allow attackers to cause a denial of service and possibly execute arbitrary code, a different vulnerability than CVE-2002-0728.
CVE-2002-0663 1 Symantec 2 Norton Internet Security, Norton Personal Firewall 2026-04-16 N/A
Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet Firewall 3.0.4.91 and Norton Internet Security 2001 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large outgoing HTTP request.
CVE-2002-0665 1 Macromedia 1 Jrun 2026-04-16 N/A
Macromedia JRun Administration Server allows remote attackers to bypass authentication on the login form via an extra slash (/) in the URL.
CVE-2002-0666 6 Apple, Freebsd, Frees Wan and 3 more 12 Mac Os X, Mac Os X Server, Freebsd and 9 more 2026-04-16 N/A
IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors.
CVE-2002-0669 1 Pingtel 1 Xpressa 2026-04-16 N/A
The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows administrators to cause a denial of service by modifying the SIP_AUTHENTICATE_SCHEME value to force authentication of incoming calls, which does not notify the user when an authentication failure occurs.
CVE-2006-4784 1 Moodle 1 Moodle 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 and earlier might allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) doc/index.php or (2) files/index.php.
CVE-2002-0670 1 Pingtel 1 Xpressa 2026-04-16 N/A
The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwords for HTTP basic authentication, which allows remote attackers to steal and easily decode the passwords via sniffing.
CVE-2002-0674 1 Pingtel 1 Xpressa 2026-04-16 N/A
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not "time out" an inactive administrator session, which could allow other users to perform administrator actions if the administrator does not explicitly end the authentication.
CVE-2002-0677 7 Caldera, Compaq, Hp and 4 more 9 Openunix, Unixware, Tru64 and 6 more 2026-04-16 N/A
CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure.
CVE-2002-0679 6 Caldera, Compaq, Hp and 3 more 8 Openunix, Unixware, Tru64 and 5 more 2026-04-16 N/A
Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure.
CVE-2002-0680 3 Goahead Software, Montavista Software, Orange Software 3 Goahead Webserver, Hard Hat Linux, Orange Web Server 2026-04-16 N/A
Directory traversal vulnerability in GoAhead Web Server 2.1 allows remote attackers to read arbitrary files via a URL with an encoded / (%5C) in a .. (dot dot) sequence. NOTE: it is highly likely that this candidate will be REJECTED because it has been reported to be a duplicate of CVE-2001-0228.
CVE-2006-4787 1 Alphamail 1 Alphamail 2026-04-16 N/A
AlphaMail before 1.0.16 allows local users to obtain sensitive information via the logging functionality, which displays unencrypted passwords in an error message. NOTE: some details are obtained from third party information.