Export limit exceeded: 351770 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29927 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29927 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-1373 | 1 Dream4 | 1 Koobi Cms | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi CMS 4.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) q or (2) p parameters. | ||||
| CVE-2005-3459 | 1 Oracle | 2 Clinical, E-business Suite | 2026-04-16 | N/A |
| Unspecified vulnerability in Oracle E-Business Suite and Applications 4.5 up to 4.5.1 has unknown impact and attack vectors, as identified by Oracle Vuln# APPS22 in Oracle Clinical. | ||||
| CVE-2002-1938 | 1 Virgil | 1 Cgi Scanner | 2026-04-16 | N/A |
| Virgil CGI Scanner 0.9 allows remote attackers to execute arbitrary commands via the (1) tar (TARGET) or (2) zielport (ZIELPORT) parameters. | ||||
| CVE-2005-1374 | 1 Claroline | 1 Claroline | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to inject arbitrary web script or HTML via (1) exercise_result.php, (2) exercice_submit.php, (3) agenda.php, (4) learningPathList.php, (5) learningPathAdmin.php, (6) learningPath.php, (7) userLog.php, (8) tool parameter to toolaccess_details.php, (9) data parameter to user_access_details.php, or (10) coursePath parameter to myagenda.php. | ||||
| CVE-2002-1939 | 1 Flashfxp | 1 Flashfxp | 2026-04-16 | N/A |
| FlashFXP 1.4 prints FTP passwords in plaintext when there are transfers in the queue, which allows attackers to obtain FTP passwords of other users by editing the queue properties. | ||||
| CVE-2002-2033 | 1 Faqmanager | 1 Faqmanager.cgi | 2026-04-16 | N/A |
| faqmanager.cgi in FAQManager 2.2.5 and earlier allows remote attackers to read arbitrary files by specifying the filename in the toc parameter with a trailing null character (%00). | ||||
| CVE-2002-2034 | 1 John Hardin | 1 Procmail Email Sanitizer | 2026-04-16 | N/A |
| The Email Sanitizer before 1.133 for Procmail allows remote attackers to bypass the mail filter and execute arbitrary code via crafted recursive multipart MIME attachments. | ||||
| CVE-2002-2036 | 1 Sun | 1 Ray Server Software | 2026-04-16 | N/A |
| Sun Ray Server Software (SRSS) 1.3, when Non-Smartcard Mobility (NSCM) is enabled, allows remote attackers to login as another user by running dtlogin from a system that supports the XDMCP client. | ||||
| CVE-2005-1417 | 1 Maxwebportal | 1 Maxwebportal | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in MaxWebPortal 2.x, 1.35, and other versions allow remote attackers to execute arbitrary SQL commands via (1) article_popular.asp, (2) arguments to dl_popular.asp, (3) arguments to links_popular.asp, (4) arguments to pic_popular.asp, (5) article_rate.asp, (6) dl_rate.asp, (7) links_rate.asp, (8) pic_rates.asp, (9) article_toprated.asp, (10) dl_toprated.asp, (11) links_toprated.asp, (12) arguments to pic_toprated.asp, or (13) the TOPIC_ID or Forum_ID parameters to custom_link.asp. | ||||
| CVE-2002-2037 | 1 Cisco | 5 Bams, Pgw 2200, Sc2200 and 2 more | 2026-04-16 | N/A |
| The Cisco Media Gateway Controller (MGC) in (1) SC2200 7.4 and earlier, (2) VSC3000 9.1 and earlier, (3) PGW 2200 9.1 and earlier, (4) Billing and Management Server (BAMS) and (5) Voice Services Provisioning Tool (VSPT) runs on default installations of Solaris 2.6 with unnecessary services and without the latest security patches, which allows attackers to exploit known vulnerabilities. | ||||
| CVE-2002-2044 | 1 Xqus | 1 X-stat | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to the phpinfo action. | ||||
| CVE-2002-2048 | 1 Michael Baumer | 1 Pfinger | 2026-04-16 | N/A |
| Buffer overflow in PFinger 0.7.8 client allows remote attackers to execute arbitrary code via a long query value passed to the (1) finger program, (2) -l, (3) -d, and (4) -t options. NOTE: if PFinger is not setuid or setgid, then this issue would not cross privilege boundaries and would not be considered a vulnerability. | ||||
| CVE-2002-2052 | 1 Cisco | 1 Ios | 2026-04-16 | N/A |
| Cisco 2611 router running IOS 12.1(6.5), possibly an interim release, allows remote attackers to cause a denial of service via port scans such as (1) scanning all ports on a single host and (2) scanning a network of hosts for a single open port through the router. NOTE: the vendor could not reproduce this issue, saying that the original reporter was using an interim release of the software. | ||||
| CVE-2002-2061 | 2 Mozilla, Netscape | 2 Mozilla, Navigator | 2026-04-16 | N/A |
| Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel. | ||||
| CVE-2002-2062 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in ftp.htt in Internet Explorer 5.5 and 6.0, when running on Windows 2000 with "Enable folder view for FTP sites" and "Enable Web content in folders" selected, allows remote attackers to inject arbitrary web script or HTML via the hostname portion of an FTP URL. | ||||
| CVE-2005-1427 | 1 Uapplication | 1 Uphotogallery | 2026-04-16 | N/A |
| Uapplication Uphotogallery stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to uphotogallery.mdb. | ||||
| CVE-2005-1428 | 1 Uapplication | 1 Uphotogallery | 2026-04-16 | N/A |
| edit_image.asp in Uapplication Uphotogallery allows remote attackers to upload arbitrary files. | ||||
| CVE-2002-2071 | 1 Compaq | 1 Tru64 | 2026-04-16 | N/A |
| Compaq Tru64 4.0 d allows remote attackers to cause a denial of service in (1) telnet, (2) FTP, (3) ypbind, (4) rpc.lockd, (5) snmp, (6) ttdbserverd, and possibly other services via a TCP SYN scan, as demonstrated using nmap. | ||||
| CVE-2005-1429 | 1 Abczone.it | 1 Wwwguestbook | 2026-04-16 | N/A |
| SQL injection vulnerability in login.asp in WWWguestbook 1.1 allows remote attackers to execute arbitrary SQL commands via the password parameter. | ||||
| CVE-2002-2072 | 1 Sun | 1 Jre | 2026-04-16 | N/A |
| java.security.AccessController in Sun Java Virtual Machine (JVM) in JRE 1.2.2 and 1.3.1 allows remote attackers to cause a denial of service (JVM crash) via a Java program that calls the doPrivileged method with a null argument. | ||||