Export limit exceeded: 345525 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345525 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-1878 | 1 W-agora | 1 W-agora | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in w-Agora 4.1.3 allows remote attackers to execute arbitrary PHP code via the inc_dir parameter. | ||||
| CVE-2002-1879 | 1 Lokwa | 1 Lokwabb | 2026-04-16 | N/A |
| SQL injection vulnerability in LokwaBB 1.2.2 allows remote attackers to execute arbitrary SQL commands via the (1) member parameter to member.php or (2) loser parameter to misc.php. | ||||
| CVE-2002-1882 | 1 Oracle | 1 E-business Suite | 2026-04-16 | N/A |
| Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business Suite 11i 11.1 through 11.6 allows remote attackers to bypass user authentication checks via unknown attack vectors. | ||||
| CVE-2002-1883 | 1 Trolltech | 1 Qt Assistant | 2026-04-16 | N/A |
| Trolltech Qt Assistant 1.0 in Trolltech Qt 3.0.3, when loaded from the Designer, opens port 7358 for interprocess communication, which allows remote attackers to open arbitrary HTML pages and cause a denial of service. | ||||
| CVE-2002-1884 | 1 Py-membres | 1 Py-membres | 2026-04-16 | N/A |
| index.php in Py-Membres 3.1 allows remote attackers to log in as an administrator by setting the pymembs parameter to "admin". | ||||
| CVE-2002-1885 | 1 Powerphlogger | 1 Powerphlogger | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in showhits.php3 for PowerPhlogger (PPhlogger) 2.0.9 through 2.2.2 allows remote attackers to execute arbitrary PHP code via the rel_path parameter. | ||||
| CVE-2002-1886 | 1 Tightauction | 1 Tightauction | 2026-04-16 | N/A |
| TightAuction 3.0 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain the database username and password. | ||||
| CVE-2002-1887 | 1 Gregory Kokanosky | 1 Phpmynewsletter | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in customize.php for phpMyNewsletter 0.6.10 allows remote attackers to execute arbitrary PHP code via the l parameter. | ||||
| CVE-2002-1888 | 1 Commonname | 1 Commonname Toolbar | 2026-04-16 | N/A |
| CommonName Toolbar 3.5.2.0 sends unqualified domain name requests to the CommonName organization and possibly other web servers for name resolution, which allows those organizations to obtain internal server names. | ||||
| CVE-2002-1889 | 1 Logsurfer | 1 Logsurfer | 2026-04-16 | N/A |
| Off-by-one buffer overflow in the context_action function in context.c of Logsurfer 1.41 through 1.5a allows remote attackers to cause a denial of service (crash) via a malformed log entry. | ||||
| CVE-2002-1496 | 1 Nulllogic | 1 Null Httpd | 2026-04-16 | N/A |
| Heap-based buffer overflow in Null HTTP Server 0.5.0 and earlier allows remote attackers to execute arbitrary code via a negative value in the Content-Length HTTP header. | ||||
| CVE-2002-1497 | 1 Nulllogic | 1 Null Httpd | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Null HTTP Server 0.5.0 and earlier allows remote attackers to insert arbitrary HTML into a "404 Not Found" response. | ||||
| CVE-2002-1498 | 1 Trevor Lee | 1 Swserver | 2026-04-16 | N/A |
| Directory traversal vulnerability in SWServer 2.2 and earlier allows remote attackers to read arbitrary files via a URL containing .. sequences with "/" or "\" characters. | ||||
| CVE-2002-1499 | 1 Factosystem | 1 Factosystem Weblog | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in FactoSystem CMS allows remote attackers to perform unauthorized database actions via (1) the authornumber parameter in author.asp, (2) the discussblurbid parameter in discuss.asp, (3) the name parameter in holdcomment.asp, and (4) the email parameter in holdcomment.asp. | ||||
| CVE-2002-1500 | 1 Netbsd | 1 Netbsd | 2026-04-16 | N/A |
| Buffer overflow in (1) mrinfo, (2) mtrace, and (3) pppd in NetBSD 1.4.x through 1.6 allows local users to gain privileges by executing the programs after filling the file descriptor tables, which produces file descriptors larger than FD_SETSIZE, which are not checked by FD_SET(). | ||||
| CVE-2002-1501 | 1 Enterasys | 1 Smartswitch Ssr8000 | 2026-04-16 | N/A |
| The MPS functionality in Enterasys SSR8000 (Smart Switch Router) before firmware 8.3.0.10 allows remote attackers to cause a denial of service (crash) via multiple port scans to ports 15077 and 15078. | ||||
| CVE-2002-1502 | 1 Dave Brul | 1 Xbreaky | 2026-04-16 | N/A |
| Symbolic link vulnerability in xbreaky before 0.5.5 allows local users to overwrite arbitrary files via a symlink from the user's .breakyhighscores file to the target file. | ||||
| CVE-2002-1538 | 1 Acuma | 1 Acusend | 2026-04-16 | N/A |
| Acuma Acusend 4, and possibly earlier versions, allows remote authenticated users to read the reports of other users by inferring the full URL, whose name is easily predictable. | ||||
| CVE-2002-1504 | 1 Radiobird Software | 1 Webserver 4 Everyone | 2026-04-16 | N/A |
| Directory traversal vulnerability in WebServer 4 Everyone 1.22 allows remote attackers to read arbitrary files via "..\" (dot-dot backslash) sequences in a URL. | ||||
| CVE-2002-1505 | 1 Woltlab | 1 Burning Board | 2026-04-16 | N/A |
| SQL injection vulnerability in board.php for WoltLab Burning Board (wBB) 2.0 RC 1 and earlier allows remote attackers to modify the database and possibly gain privileges via the boardid parameter. | ||||