Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-0160 1 Cisco 1 Secure Access Control Server 2026-04-16 N/A
The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\.. (modified ..) in the URL to port 2002.
CVE-2002-0162 2 Logwatch, Redhat 3 Logwatch, Linux, Powertools 2026-04-16 N/A
LogWatch before 2.5 allows local users to execute arbitrary code via a symlink attack on the logwatch temporary directory.
CVE-2002-0164 2 Caldera, Redhat 4 Openlinux Server, Openlinux Workstation, Enterprise Linux and 1 more 2026-04-16 N/A
Vulnerability in the MIT-SHM extension of the X server on Linux (XFree86) 4.2.1 and earlier allows local users to read and write arbitrary shared memory, possibly to cause a denial of service or gain privileges.
CVE-2005-4208 1 Flatnuke 1 Flatnuke 2026-04-16 N/A
Directory traversal vulnerability in Flatnuke 2.5.6 allows remote attackers to access arbitrary files via a .. (dot dot) and null byte (%00) in the id parameter of the read module.
CVE-2002-0165 2 Logwatch, Redhat 3 Logwatch, Linux, Powertools 2026-04-16 N/A
LogWatch 2.5 allows local users to gain root privileges via a symlink attack, a different vulnerability than CVE-2002-0162.
CVE-2004-0200 1 Microsoft 24 .net Framework, Digital Image Pro, Digital Image Suite and 21 more 2026-04-16 N/A
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
CVE-2002-0168 2 Enlightenment, Redhat 2 Imlib, Linux 2026-04-16 N/A
Vulnerability in Imlib before 1.9.13 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by manipulating arguments that are passed to malloc, which results in a heap corruption.
CVE-2002-0170 2 Redhat, Zope 2 Powertools, Zope 2026-04-16 N/A
Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration.
CVE-2002-0171 1 Sgi 1 Irisconsole 2026-04-16 N/A
IRISconsole 2.0 may allow users to log into the icadmin account with an incorrect password in some circumstances, which could allow users to gain privileges.
CVE-2004-0201 2 Avaya, Microsoft 11 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 8 more 2026-04-16 N/A
Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.
CVE-2002-0181 1 Horde 2 Horde, Imp 2026-04-16 N/A
Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and steal cookies of other IMP/HORDE users via the script parameter.
CVE-2004-2197 1 Kdocker 1 Kdocker 2026-04-16 N/A
kdocker.cpp in kdocker 0.1 through 0.8 does not properly check the ownership of files, which could allow local users to execute arbitrary programs.
CVE-2005-4218 1 Phpwebthings 1 Phpwebthings 2026-04-16 N/A
SQL injection vulnerability in forum.php in PHPWebThings 1.4 allows remote attackers to execute arbitrary SQL commands via the msg parameter, a different vulnerability than CVE-2005-3585.
CVE-2002-0185 2 Apache, Redhat 2 Mod Python, Linux 2026-04-16 N/A
mod_python version 2.7.6 and earlier allows a module indirectly imported by a published module to then be accessed via the publisher, which allows remote attackers to call possibly dangerous functions from the imported module.
CVE-2002-0186 1 Microsoft 1 Sql Server 2026-04-16 N/A
Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."
CVE-2002-0200 1 Cyberstop 1 Cyberstop Web Server 2026-04-16 N/A
Cyberstop Web Server for Windows 0.1 allows remote attackers to cause a denial of service via an HTTP request for an MS-DOS device name.
CVE-2002-0201 1 Cyberstop 1 Cyberstop Web Server 2026-04-16 N/A
Cyberstop Web Server for Windows 0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request, possibly triggering a buffer overflow.
CVE-2002-0202 1 Paintbbs 1 Paintbbs 2026-04-16 N/A
PaintBBS 1.2 installs certain files and directories with insecure permissions, which allows local users to (1) obtain the encrypted server password via the world-readable oekakibbs.conf file, or (2) modify the server configuration via the world-writeable /oekaki/ folder.
CVE-2004-0204 4 Bea, Borland Software, Businessobjects and 1 more 9 Weblogic Server, J Builder, Crystal Enterprise and 6 more 2026-04-16 N/A
Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.
CVE-2002-0203 1 Tarantella 1 Tarantella Enterprise 2026-04-16 N/A
ttawebtop.cgi in Tarantella Enterprise 3.20 on SPARC Solaris and Linux, and 3.1x and 3.0x including 3.11.903, allows remote attackers to view directory contents via an empty pg parameter.