Export limit exceeded: 29926 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29926 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-1732 | 1 Actinic | 1 Actinic Catalog | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Actinic Catalog 4.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string argument to certain .pl files, (2) the REFPAGE parameter to ca000007.pl, (3) PRODREF parameter to ss000007.pl, or (4) hop parameter to ca000001.pl. | ||||
| CVE-2005-1283 | 1 Argosoft | 1 Argosoft Mail Server | 2026-04-16 | N/A |
| Multiple directory traversal vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 allow remote authenticated users to (1) read arbitrary files via the UIDL parameter to the msg script or (2) copy or move the user's .eml file to arbitrary locations via the delete script, a different vulnerability than CVE-2005-0367. | ||||
| CVE-2005-3427 | 1 Cisco | 1 Ciscoworks Management Center For Ips Sensors | 2026-04-16 | N/A |
| The Cisco Management Center (MC) for IPS Sensors (IPS MC) 2.1 can omit port field values while generating the Cisco IOS IPS configuration file, wich can cause some signatures to be disabled and makes it easier for attackers to escape detection. | ||||
| CVE-2002-1741 | 1 Alt-n | 1 Worldclient | 2026-04-16 | N/A |
| Directory traversal vulnerability in WorldClient.cgi in WorldClient for Alt-N Technologies MDaemon 5.0.5.0 and earlier allows local users to delete arbitrary files via a ".." (dot dot) in the Attachments parameter. | ||||
| CVE-2005-1284 | 1 Argosoft | 1 Argosoft Mail Server | 2026-04-16 | N/A |
| The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote attackers to create arbitrary accounts, even if "Allow Creation of Accounts From the Web Interface" is disabled, via a direct HTTP POST request. | ||||
| CVE-2002-1751 | 1 Cgiscript.net | 1 Cslivesupport | 2026-04-16 | N/A |
| csLiveSupport.cgi in CGIScript.net csLiveSupport allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function. | ||||
| CVE-2005-1285 | 1 Woltlab | 1 Burning Board | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in thread.php in WoltLab Burning Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the hilight parameter. | ||||
| CVE-2005-3429 | 1 Rockliffe | 1 Mailsite Express | 2026-04-16 | N/A |
| Rockliffe MailSite Express before 6.1.22, with the option to save login information enabled, saves user passwords in plaintext in cookies, which allows local users to obtain passwords by reading the cookie file, or remote attackers to obtain the cookies via cross-site scripting (XSS) vulnerabilities. | ||||
| CVE-2005-1286 | 1 Softwin | 1 Bitdefender Antivirus | 2026-04-16 | N/A |
| Unquoted Windows search path vulnerability in BitDefender 8 allows local users to prevent BitDefender from starting by creating a malicious C:\program.exe, possibly due to the lack of quoting of the full pathname when executing a process. | ||||
| CVE-2002-1754 | 1 Novell | 1 Netware Client | 2026-04-16 | N/A |
| Buffer overflow in Novell NetWare Client 4.80 through 4.83 allows local users to cause a denial of service (crash) by using ping, traceroute, or a similar utility to force the client to resolve a large hostname. | ||||
| CVE-2002-1755 | 1 Tinc | 1 Tinc | 2026-04-16 | N/A |
| tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on CBC. | ||||
| CVE-2005-3824 | 1 Vtiger | 1 Vtiger Crm | 2026-04-16 | N/A |
| The uploads module in vTiger CRM 4.2 and earlier allows remote attackers to upload arbitrary files, such as PHP files, via the add2db action. | ||||
| CVE-2002-1756 | 1 Acd Systems | 1 Acdsee | 2026-04-16 | N/A |
| ACDSee 4.0 allows remote attackers to cause a denial of service (crash) via an .ais file with a long file description field, which is not properly handled when the file properties of the file are viewed. | ||||
| CVE-2002-1843 | 1 Perlbot | 1 Perlbot | 2026-04-16 | N/A |
| Perlbot 1.9.2 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the $text variable in SpelCheck.pm or (2) the $filename variable in HTMLPlog.pm. | ||||
| CVE-2005-1325 | 1 Matthieu Aubry | 1 Phpmyvisites | 2026-04-16 | N/A |
| set_lang.php in phpMyVisites 1.3 allows remote attackers to read and include arbitrary files via the mylang parameter. | ||||
| CVE-2005-3438 | 1 Oracle | 1 Database Server | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in Oracle Database Server 9i up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB04 in Change Data Capture; (2) DB06 in Data Guard Logical Standby; (3) DB10 in Locale; (4) DB12 in Materialized Views; (5) DB13 in Objects Extension; (6) DB15 in Oracle Label Security; (7) DB27 in Security, possibly due to a buffer overflow in sys.pbsde.init; and (8) DB28 and (9) DB29 in Workspace Manager. | ||||
| CVE-2005-1326 | 1 Voodoo Circle | 1 Voodoo Circle | 2026-04-16 | N/A |
| Buffer overflow in VooDoo cIRCle BOTNET before 1.0.33 allows remote authenticated attackers to cause a denial of service (client crash) via a crafted packet. | ||||
| CVE-2002-1845 | 1 Yabb | 1 Yabb | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Yet Another Bulletin Board (YaBB) 1.40 and 1.41 allows remote attackers to inject arbitrary web script or HTML via the password (passwrd) parameter. | ||||
| CVE-2002-1846 | 1 Yabb | 1 Yabb | 2026-04-16 | N/A |
| Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a user to submit the correct password before changing it to a new password, which allows remote attackers to modify passwords by stealing the cookie of another user, modifying the expiretime setting, and submitting the change in a profile2 action to index.php. | ||||
| CVE-2005-1327 | 1 Woltlab | 1 Burning Board | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in pms.php for Woltlab Burning Board 2.3.1 PL2 and earlier allows remote attackers to inject arbitrary web script or HTML via the folderid parameter. | ||||