Search Results (367196 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-1951 1 Goahead Software 1 Goahead Webserver 2026-04-16 N/A
Buffer overflow in GoAhead WebServer 2.1 allows remote attackers to execute arbitrary code via a long HTTP GET request with a large number of subdirectories.
CVE-2005-3996 1 Zen-cart 1 Zen Cart 2026-04-16 N/A
SQL injection vulnerability in admin/password_forgotten.php in Zen Cart 1.2.6d and earlier allows remote attackers to execute arbitrary SQL commands via the admin_email parameter.
CVE-2002-1957 1 Pen 1 Pen 2026-04-16 N/A
Buffer overflow in the netlog function in pen.c for Pen 0.9.1 and 0.9.2 allows remote attackers to execute arbitrary commands via malformed log messages.
CVE-2002-1981 1 Microsoft 1 Sql Server 2026-04-16 N/A
Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings.
CVE-2002-1985 1 Incognito Software Inc 1 Ismtp Gateway 2026-04-16 N/A
iSMTP 5.0.1 allows remote attackers to cause a denial of service via a long "MAIL FROM" command, possibly triggering a buffer overflow.
CVE-2002-1994 1 Gamecheats 1 Advanced Web Server Professional 2026-04-16 N/A
advserver.exe in Advanced Web Server (AdvServer) Professional 1.030000 allows remote attackers to cause a denial of service via multiple HTTP requests containing a single carriage return/line feed (CRLF) sequence.
CVE-2002-2001 2 Jmcce, Mandrakesoft 2 Jmcce, Mandrake Linux 2026-04-16 N/A
jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable names, which allows local users to overwrite arbitrary files via a symlink attack.
CVE-2002-2009 1 Apache 1 Tomcat 2026-04-16 N/A
Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
CVE-2002-2018 1 Sas 2 Base, Integration Technologies 2026-04-16 N/A
sastcpd in SAS/Base 8.0 might allow local users to gain privileges by setting the netencralg environment variable, which causes a segmentation fault.
CVE-2002-2020 1 Netgear 1 Rp114 2026-04-16 N/A
Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26 uses a default administrator password and accepts admin logins on the external interface, which allows remote attackers to gain privileges if the password is not changed.
CVE-2002-2024 1 Horde 1 Imp 2026-04-16 5.3 Medium
Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for (1) poppassd.php3, (2) login.php3?reason=chpass2, (3) spelling.php3, and (4) ldap.search.php3?ldap_serv=nonsense which leaks the information in error messages.
CVE-2001-0901 1 Hypermail Development 1 Hypermail 2026-04-16 N/A
Hypermail allows remote attackers to execute arbitrary commands on a server supporting SSI via an attachment with a .shtml extension, which is archived on the server and can then be executed by requesting the URL for the attachment.
CVE-2002-2036 1 Sun 1 Ray Server Software 2026-04-16 N/A
Sun Ray Server Software (SRSS) 1.3, when Non-Smartcard Mobility (NSCM) is enabled, allows remote attackers to login as another user by running dtlogin from a system that supports the XDMCP client.
CVE-2001-1099 2 Microsoft, Symantec 2 Exchange Server, Norton Antivirus 2026-04-16 N/A
The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.
CVE-2002-0419 1 Microsoft 2 Internet Information Server, Internet Information Services 2026-04-16 N/A
Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (2) in certain configurations, the server IP address is provided as the realm for Basic authentication, which could reveal real IP addresses that were obscured by NAT, or (3) when NTLM authentication is used, the NetBIOS name of the server and its Windows NT domain are revealed in response to an Authorization request. NOTE: this entry originally contained a vector (1) in which the server reveals whether it supports Basic or NTLM authentication through 401 Access Denied error messages. CVE has REJECTED this vector; it is not a vulnerability because the information is already available through legitimate use, since authentication cannot proceed without specifying a scheme that is supported by both the client and the server.
CVE-2002-1744 1 Microsoft 1 Internet Information Services 2026-04-16 N/A
Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 allows remote attackers to view source code and determine the existence of arbitrary files via a hex-encoded "%c0%ae%c0%ae" string, which is the Unicode representation for ".." (dot dot).
CVE-2002-1850 1 Apache 1 Http Server 2026-04-16 7.5 High
mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
CVE-2003-0192 2 Apache, Redhat 5 Http Server, Enterprise Linux, Linux and 2 more 2026-04-16 N/A
Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
CVE-2003-0254 2 Apache, Redhat 2 Http Server, Linux 2026-04-16 N/A
Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
CVE-2006-2942 1 Twiki 1 Twiki 2026-04-16 N/A
TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki administrator privileges via a TWiki.TWikiRegistration form with a modified action attribute that references the Sandbox web instead of the user web, which can then be used to associate the user's login name with the WikiName of a member of the TWikiAdminGroup.