Search Results (363983 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4370 1 Acidcat 1 Acidcat 2026-04-16 N/A
SQL injection vulnerability in main_content.asp in Acidcat 2.1.13 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter to default.asp.
CVE-2005-4792 1 Phpwebsite 1 Phpwebsite 2026-04-16 N/A
SQL injection vulnerability in index.php in Appalachian State University phpWebSite 0.10.1 and earlier allows remote attackers to execute arbitrary SQL commands via the module parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2002-2345 1 Oracle 1 Application Server 2026-04-16 N/A
Oracle 9i Application Server 9.0.2 stores the web cache administrator interface password in plaintext, which allows remote attackers to gain access.
CVE-2005-2283 1 Esi Products 1 Webeoc 2026-04-16 N/A
WebEOC before 6.0.2 does not properly restrict the size of an uploaded file, which allows remote authenticated users to cause a denial of service (system and database resource consumption) via a large file.
CVE-2002-2347 1 Oracle 1 Application Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (OJSP) demo files (1) hellouser.jsp, (2) welcomeuser.jsp and (3) usebean.jsp in Oracle 9i Application Server 9.0.2, 1.0.2.2, 1.0.2.1s and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the text entry field.
CVE-2005-2284 1 Esi Products 1 Webeoc 2026-04-16 N/A
Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow remote attackers to modify SQL statements via unknown attack vectors.
CVE-2002-2355 1 Netgear 1 Fm114p 2026-04-16 N/A
Netgear FM114P firmware 1.3 wireless firewall, when configured to backup configuration information, stores DDNS (DynDNS) user name and password, MAC address filtering table and possibly other information in cleartext, which could allow local users to obtain sensitive information.
CVE-2005-2285 1 Esi Products 1 Webeoc 2026-04-16 N/A
WebEOC before 6.0.2 stores sensitive information in locations such as URIs, web pages, and configuration files, which allows remote attackers to obtain information such as Usernames, Passwords, Emergency information, medical information, and system configuration.
CVE-2005-4372 1 Liquid Bytes Technologies 1 Adaptive Website Framework 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in account.html in Adaptive Website Framework (AWF) 2.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2005-2287 1 Softiacom 1 Wmailserver 2026-04-16 N/A
SoftiaCom wMailServer 1.0 and 2.0 allows remote attackers to cause a denial of service (application crash) via a large TCP packet with a leading space, possibly triggering a buffer overflow.
CVE-2002-2363 1 Hp 1 Hp-ux 2026-04-16 N/A
VJE.VJE-RUN in HP-UX 11.00 adds bin to /etc/PATH, which could allow local users to gain privileges.
CVE-2002-2371 1 Linksys 1 Wet11 2026-04-16 N/A
Linksys WET11 firmware 1.31 and 1.32 allows remote attackers to cause a denial of service (crash) via a packet containing the device's hardware address as the source MAC address in the DLC header.
CVE-2005-2288 1 Phpcounter 1 Phpcounter 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in PHPCounter 7.2 allows remote attackers to inject arbitrary web script or HTML via the EpochPrefix parameter.
CVE-2002-2372 1 Ibm 2 Infoprint, Infoprint 21 2026-04-16 N/A
The telnet server in Infoprint 21 running controller software before 1.056007 allows remote attackers to cause a denial of service (crash) via a long username, possibly due to a buffer overflow.
CVE-2002-2375 1 Stalker 1 Communigate Pro 2026-04-16 N/A
Directory traversal vulnerability in CommuniGate Pro 4.0b4 and possibly earlier versions allows remote attackers to list the contents of the WebUser directory and its parent directory via a (1) .. (dot dot) or (2) . (dot) in a URL. NOTE: it is not clear whether this issue reveals any more information regarding directory structure than is already available to any CommuniGate Pro user, although there is a possibility that it could be used to infer product version information.
CVE-2005-2296 1 Yabb 1 Yabb 2026-04-16 N/A
YabbSE 1.5.5c allows remote attackers to obtain sensitive information via a direct request to ssi_examples.php, which reveals the path.
CVE-2005-4374 1 Allinta 1 Allinta 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Allinta 2.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to faq.asp and (2) searchQuery parameter to search.asp.
CVE-2002-2379 1 Cisco 1 As5350 2026-04-16 N/A
Cisco AS5350 IOS 12.2(11)T with access control lists (ACLs) applied and possibly with ssh running allows remote attackers to cause a denial of service (crash) via a port scan, possibly due to an ssh bug. NOTE: this issue could not be reproduced by the vendor
CVE-2002-2380 2 Arescom, Microsoft 2 Netdsl, Network Firmware 2026-04-16 N/A
NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows remote attackers to gain access to configuration menus by sniffing undocumented usernames and passwords from network traffic.
CVE-2002-2389 1 Fastlink Software 1 The Server 2026-04-16 N/A
TheServer 1.74 web server stores server.ini under the web document root with insufficient access control, which allows remote attackers to obtain cleartext passwords and gain access to server log files.