Export limit exceeded: 345233 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345233 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-1457 | 1 Leszek Krupinski | 1 L-forum | 2026-04-16 | N/A |
| SQL injection vulnerability in search.php for L-Forum 2.40 allows remote attackers to execute arbitrary SQL statements via the search parameter. | ||||
| CVE-2002-1458 | 1 Leszek Krupinski | 1 L-forum | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is on, allows remote attackers to insert arbitrary script or HTML via message fields including (1) From, (2) E-Mail, (3) Subject and (4) Body. | ||||
| CVE-2006-1990 | 2 Php, Redhat | 3 Php, Enterprise Linux, Rhel Stronghold | 2026-04-16 | N/A |
| Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different vulnerability than CVE-2002-1396. | ||||
| CVE-2002-1460 | 1 Leszek Krupinski | 1 L-forum | 2026-04-16 | N/A |
| L-Forum 2.40 and earlier does not properly verify whether a file was uploaded or if the associated variables were set by POST (attachment, attachment_name, attachment_size and attachment_type), which allows remote attackers to read arbitrary files. | ||||
| CVE-2002-1461 | 1 Webscriptworld | 1 Web Shop Manager | 2026-04-16 | N/A |
| Web Shop Manager 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search box. | ||||
| CVE-2002-1462 | 1 Organicphp | 1 Php-affiliate | 2026-04-16 | N/A |
| details2.php in OrganicPHP PHP-affiliate 1.0, and possibly later versions, allows remote attackers to modify information of other users by modifying certain hidden form fields. | ||||
| CVE-2002-1464 | 1 Cafelog | 1 B2 | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool allows remote attackers to insert arbitrary HTML or script via the GPC variable. | ||||
| CVE-2002-1465 | 1 Cafelog | 1 B2 | 2026-04-16 | N/A |
| SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote attackers to execute arbitrary SQL code via the tablehosts variable. | ||||
| CVE-2002-1466 | 1 Cafelog | 1 B2 | 2026-04-16 | N/A |
| CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows remote attackers to execute arbitrary PHP code via the b2inc variable. | ||||
| CVE-2002-1470 | 1 Nullsoft | 1 Shoutcast Server | 2026-04-16 | N/A |
| SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext administrative password via a GET request to port 8001, which causes the password to be logged in the world-readable sc_serv.log file. | ||||
| CVE-2002-1471 | 1 Ximian | 1 Evolution | 2026-04-16 | N/A |
| The camel component for Ximian Evolution 1.0.x and earlier does not verify certificates when it establishes a new SSL connection after previously verifying a certificate, which could allow remote attackers to monitor or modify sessions via a man-in-the-middle attack. | ||||
| CVE-2002-1472 | 2 Redhat, Xfree86 Project | 2 Linux, X11r6 | 2026-04-16 | N/A |
| Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module. | ||||
| CVE-2002-1473 | 1 Hp | 1 Hp-ux | 2026-04-16 | N/A |
| Multiple buffer overflows in lp subsystem for HP-UX 10.20 through 11.11 (11i) allow local users to cause a denial of service and possibly execute arbitrary code. | ||||
| CVE-2002-1474 | 1 Hp | 1 Tru64 | 2026-04-16 | N/A |
| Unknown vulnerability or vulnerabilities in TCP/IP component for HP Tru64 UNIX 4.0f, 4.0g, and 5.0a allows remote attackers to cause a denial of service. | ||||
| CVE-2002-1475 | 1 Hp | 1 Tru64 | 2026-04-16 | N/A |
| Unknown vulnerability in the ARP component for HP Tru64 UNIX 4.0f, 4.0g, and 5.0a allows remote attackers to "take over packets destined for another host" and cause a denial of service. | ||||
| CVE-2002-1477 | 1 The Cacti Group | 1 Cacti | 2026-04-16 | N/A |
| graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti administrators to execute arbitrary commands via shell metacharacters in the title during edit mode. | ||||
| CVE-2002-1480 | 1 Phpgb | 1 Phpgb | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows remote attackers to inject arbitrary HTML or script into guestbook pages, which is executed when the administrator deletes the entry. | ||||
| CVE-2002-1481 | 1 Phpgb | 1 Phpgb | 2026-04-16 | N/A |
| savesettings.php in phpGB 1.20 and earlier does not require authentication, which allows remote attackers to cause a denial of service or execute arbitrary PHP code by using savesettings.php to modify config.php. | ||||
| CVE-2002-1482 | 1 Phpgb | 1 Phpgb | 2026-04-16 | N/A |
| SQL injection vulnerability in login.php for phpGB 1.20 and earlier, when magic_quotes_gpc is not enabled, allows remote attackers to gain administrative privileges via SQL code in the password entry. | ||||
| CVE-2002-1483 | 1 Db4web | 1 Db4web | 2026-04-16 | N/A |
| db4web_c and db4web_c.exe programs in DB4Web 3.4 and 3.6 allow remote attackers to read arbitrary files via an HTTP request whose argument is a filename of the form (1) C: (drive letter), (2) //absolute/path (double-slash), or (3) .. (dot-dot). | ||||