Search Results (9555 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2929 2 Redhat, University Of Kansas 2 Enterprise Linux, Lynx 2026-04-16 N/A
Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments.
CVE-2002-2401 1 Microsoft 3 Windows 2000, Windows Nt, Windows Xp 2026-04-16 N/A
NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrary programs.
CVE-2004-2730 1 Microsoft 11 Psexec, Psgetsid, Psinfo and 8 more 2026-04-16 N/A
Sysinternals PsTools before 2.05, including (1) PsExec before 1.54, (2) PsGetsid before 1.41, (3) PsInfo before 1.61, (4) PsKill before 1.03, (5) PsList before 1.26, (6) PsLoglist before 2.51, (7) PsPasswd before 1.21, (8) PsService before 2.12, (9) PsSuspend before 1.05, and (10) PsShutdown before 2.32, does not properly disconnect from remote IPC$ and ADMIN$ shares, which allows local users to access the shares with elevated privileges by using the existing share mapping.
CVE-2002-2405 1 Checkpoint 1 Firewall-1 2026-04-16 N/A
Check Point FireWall-1 4.1 and Next Generation (NG), with UserAuth configured to proxy HTTP traffic only, allows remote attackers to pass unauthorized HTTPS, FTP and possibly other traffic through the firewall.
CVE-2003-0497 1 Intersystems 1 Cache Database 2026-04-16 N/A
Caché Database 5.x installs /cachesys/bin/cache with world-writable permissions, which allows local users to gain privileges by modifying cache and executing it via cuxs.
CVE-2002-2254 1 Linux 1 Linux Kernel 2026-04-16 N/A
The experimental IP packet queuing feature in Netfilter / IPTables in Linux kernel 2.4 up to 2.4.19 and 2.5 up to 2.5.31, when a privileged process exits and network traffic is not being queued, may allow a later process with the same Process ID (PID) to access certain network traffic that would otherwise be restricted.
CVE-2004-1767 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain privileges by loading arbitrary loadable kernel modules (LKM), possibly involving the modload function.
CVE-2002-0013 2 Redhat, Snmp 3 Linux, Powertools, Snmp 2026-04-16 N/A
Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available.
CVE-2003-1356 1 Hp 1 Hp-ux 2026-04-16 N/A
The "file handling" in sort in HP-UX 10.01 through 10.20, and 11.00 through 11.11 is "incorrect," which allows attackers to gain access or cause a denial of service via unknown vectors.
CVE-2002-2344 1 Ensim 1 Webppliance 2026-04-16 N/A
Ensim WEBppliance 3.0 and 3.1 allows remote attackers to read mail intended for other users by defining an alias that is the target's email address.
CVE-2005-2819 1 Eric Fichot 1 Downfile 2026-04-16 N/A
DownFile 1.3 allows remote attackers to gain administrator privileges via a direct request to (1) update.php, (2) del.php, and (3) add_form.php.
CVE-2005-3257 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and possibly other versions including 2.6.14.4, allows local users to use the KDSKBSENT ioctl on terminals of other users and gain privileges, as demonstrated by modifying key bindings using loadkeys.
CVE-2006-4302 1 Sun 2 J2se, Java Web Start 2026-04-16 N/A
The Java Plug-in J2SE 1.3.0_02 through 5.0 Update 5, and Java Web Start 1.0 through 1.2 and J2SE 1.4.2 through 5.0 Update 5, allows remote attackers to exploit vulnerabilities by specifying a JRE version that contain vulnerabilities.
CVE-2003-1346 1 D-link 1 Dwl-900ap\+ 2026-04-16 N/A
D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allows remote attackers to set factory default settings by upgrading the firmware using AirPlus Access Point Manager.
CVE-2004-2743 1 Raditha Dissanayake 1 Mega Upload Progress Bar 2026-04-16 N/A
upload.cgi in Mega Upload Progress Bar before 1.45 allows remote attackers to copy or overwrite arbitrary files via unspecified parameters related to names of uploaded files.
CVE-2005-3631 1 Redhat 2 Enterprise Linux, Enterprise Linux Desktop 2026-04-16 N/A
udev does not properly set permissions on certain files in /dev/input, which allows local users to obtain sensitive data that is entered at the console, such as user passwords.
CVE-2002-2324 1 Microsoft 1 Windows Xp 2026-04-16 N/A
The "System Restore" directory and subdirectories, and possibly other subdirectories in the "System Volume Information" directory on Windows XP Professional, have insecure access control list (ACL) permissions, which allows local users to access restricted files and modify registry settings.
CVE-2005-2938 1 Apple 1 Itunes 2026-04-16 N/A
Unquoted Windows search path vulnerability in iTunesHelper.exe in iTunes 4.7.1.30 and iTunes 5 for Windows might allow local users to gain privileges via a malicious C:\program.exe file.
CVE-2002-0012 2 Redhat, Snmp 3 Linux, Powertools, Snmp 2026-04-16 N/A
Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available.
CVE-2002-2353 1 Tftpd32 1 Tftpd32 2026-04-16 N/A
tftpd32 2.50 and 2.50.2 allows remote attackers to read or write arbitrary files via a full pathname in GET and PUT requests.