Export limit exceeded: 29916 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29916 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-1469 | 1 Scponly | 1 Scponly | 2026-04-16 | N/A |
| scponly does not properly verify the path when finding the (1) scp or (2) sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs and modifying the PATH variable in $HOME/.ssh/environment to locate those programs. | ||||
| CVE-2002-1476 | 1 Netbsd | 1 Netbsd | 2026-04-16 | N/A |
| Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and possibly other operating systems, when called with the LC_ALL category, allows local attackers to execute arbitrary code via a user-controlled locale string that has more than 6 elements, which exceeds the boundaries of the new_categories category array, as exploitable through programs such as xterm and zsh. | ||||
| CVE-2002-1479 | 1 The Cacti Group | 1 Cacti | 2026-04-16 | N/A |
| Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges. | ||||
| CVE-2005-1160 | 2 Mozilla, Redhat | 3 Firefox, Mozilla, Enterprise Linux | 2026-04-16 | N/A |
| The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object. | ||||
| CVE-2002-1553 | 1 Cisco | 1 Optical Networking Systems Software | 2026-04-16 | N/A |
| Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote attackers to modify the system configuration and delete files by establishing an FTP connection to the TCC, TCC+ or XTC using a username and password that does not exist. | ||||
| CVE-2005-1189 | 1 Webcamxp | 1 Webcamxp Pro | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in WebcamXP PRO v2.16.468 and earlier allows remote attackers to inject arbitrary web script or HTML via the chat name, as demonstrated by using an IFRAME to redirect users to other sites. | ||||
| CVE-2005-3405 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2026-04-16 | N/A |
| ATutor 1.4.1 through 1.5.1-pl1 allows remote attackers to execute arbitrary PHP functions via a direct request to forum.inc.php with a modified addslashes parameter with either the (1) asc or (2) desc parameters set, possibly due to an eval injection vulnerability. | ||||
| CVE-2002-1557 | 1 Cisco | 1 Optical Networking Systems Software | 2026-04-16 | N/A |
| Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset to TCC, TCC+, TCCi or XTC) via a malformed HTTP request that does not contain a leading / (slash) character. | ||||
| CVE-2005-1190 | 1 Webcamxp | 1 Webcamxp Pro | 2026-04-16 | N/A |
| WebcamXP PRO v2.16.468 and earlier allows remote attackers to cause a denial of service via a long chat name, which takes up too much display space and prevents the chat frame from being properly rendered. | ||||
| CVE-2005-3406 | 1 Butterfat | 1 Phpesp | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in phpESP 1.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||
| CVE-2002-1559 | 1 Research Systems Inc. | 1 Ion Script | 2026-04-16 | N/A |
| Directory traversal vulnerability in ion-p.exe (aka ion-p) allows remote attackers to read arbitrary files via (1) C: (drive letter) or (2) .. (dot-dot) sequences in the page parameter. | ||||
| CVE-2002-1564 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Internet Explorer 5.5 and 6.0 allows remote attackers to steal potentially sensitive information from cookies via a cookie that contains script which is executed when a page is loaded, aka the "Script within Cookies Reading Cookies" vulnerability. | ||||
| CVE-2005-1191 | 1 Microsoft | 4 Windows 2000, Windows 98, Windows 98se and 1 more | 2026-04-16 | N/A |
| The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe ("'") in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane when the user selects the file. | ||||
| CVE-2002-1573 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Linux | 2026-04-16 | N/A |
| Unspecified vulnerability in the pcilynx ieee1394 firewire driver (pcilynx.c) in Linux kernel before 2.4.20 has unknown impact and attack vectors, related to "wrap handling." | ||||
| CVE-2002-1574 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Linux | 2026-04-16 | N/A |
| Buffer overflow in the ixj telephony card driver in Linux before 2.4.20 has unknown impact and attack vectors. | ||||
| CVE-2005-1192 | 1 Hp | 1 Hp-ux | 2026-04-16 | N/A |
| Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23, when running TCP/IP on IPv4, allows remote attackers to cause a denial of service via certain packets, related to the PMTU, a different vulnerability than CVE-2004-1060. | ||||
| CVE-2002-1575 | 1 Mit | 1 Cgiemail | 2026-04-16 | N/A |
| cgiemail allows remote attackers to use cgiemail as a spam proxy via CRLF injection of encoded newline (%0a) characters in parameters such as "required-subject," which can be used to modify the CC, BCC, and other header fields in the generated email message. | ||||
| CVE-2005-1196 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| SQL injection vulnerability in kb.php in the Knowledge Base module for phpBB allows remote attackers to obtain sensitive information and execute SQL commands via the cat parameter. | ||||
| CVE-2002-1576 | 1 Sap | 1 Sap Db | 2026-04-16 | N/A |
| lserver in SAP DB 7.3 and earlier uses the current working directory to find and execute the lserversrv program, which allows local users to gain privileges with a malicious lserversrv that is called from a directory that has a symlink to the lserver program. | ||||
| CVE-2005-1197 | 1 Oracle | 1 Database Server | 2026-04-16 | N/A |
| SQL injection vulnerability in the SYS.DBMS_CDC_IPUBLISH.CREATE_SCN_CHANGE_SET procedure in Oracle Database Server 10g allows remote attackers to execute arbitrary SQL commands via the CHANGE_SET_NAME parameter. | ||||