Export limit exceeded: 349399 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 349399 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 349399 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 349399 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (349399 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-2288 | 1 Mambo | 1 Site Server | 2026-04-16 | N/A |
| Mambo Site Server 4.0.11 allows remote attackers to obtain the physical path of the server via an HTTP request to index.php with a parameter that does not exist, which causes the path to be leaked in an error message. | ||||
| CVE-2002-2289 | 1 Working Resources Inc. | 1 Badblue | 2026-04-16 | N/A |
| soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows remote attackers to gain sensitive information including ODBC passwords. | ||||
| CVE-2002-2290 | 1 Mambo | 1 Mambo Site Server | 2026-04-16 | N/A |
| Mambo Site Server 4.0.11 installs with a default username and password of admin, which allows remote attackers to gain privileges. | ||||
| CVE-2002-2292 | 1 Halycon Software | 1 Iasp | 2026-04-16 | N/A |
| Directory traversal vulnerability in Remote Console Applet in Halycon Software iASP 1.0.9 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request to port 9095. | ||||
| CVE-2002-2294 | 1 Symantec | 4 Enterprise Firewall, Gateway Security, Raptor Firewall and 1 more | 2026-04-16 | N/A |
| Multiple buffer overflows in Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and 7.0, VelociRaptor 500/700/1000 and 1100/1200/1300, and Gateway Security 5110/5200/5300 allow remote attackers to cause a denial of service (service termination) via (1) malformed RealAudio (rad) packets that are not properly handled by the RealAudio Proxy, or (2) crafted packets to the statistics service (statsd). | ||||
| CVE-2002-2295 | 1 Pico Server | 1 Pico Server | 2026-04-16 | N/A |
| Buffer overflow in Pico Server (pServ) 2.0 beta 1 through beta 5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a 1024-byte TCP stream message, which triggers an off-by-one buffer overflow, or (2) a long method name in an HTTP request, (3) a long version number in an HTTP request, (4) a long User-Agent header, or (5) a long file path. | ||||
| CVE-2002-2296 | 1 Yabb | 1 Yabb | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in YaBB.pl in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 allows remote attackers to inject arbitrary web script or HTML via the num parameter. | ||||
| CVE-2002-2297 | 1 Atthat.com | 1 Thatware | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in artlist.php in Thatware 0.5.2 and 0.5.3 allows remote attackers to execute arbitrary PHP code via the root_path parameter. | ||||
| CVE-2002-2298 | 1 Atthat.com | 1 Thatware | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in config.php in Thatware 0.3 through 0.5.3 allows remote attackers to execute arbitrary PHP code via the root_path parameter. | ||||
| CVE-2002-2300 | 1 3com | 1 Webbngss3nbxnts | 2026-04-16 | N/A |
| Buffer overflow in ftpd 5.4 in 3Com NBX 4.0.17 or ftpd 5.4.2 in 3Com NBX 4.1.4 allows remote attackers to cause a denial of service (crash) via a long CEL command. | ||||
| CVE-2002-2301 | 1 Lawson Software | 1 Lawson Financials | 2026-04-16 | N/A |
| Lawson Financials 8.0, when configured to use a third party relational database, stores usernames and passwords in a world-readable file, which allows local users to read the passwords and log onto the database. | ||||
| CVE-2002-2302 | 1 3d3.com | 1 Shopfactory | 2026-04-16 | N/A |
| 3D3.Com ShopFactory 5.5 through 5.8 allows remote attackers to modify the prices in their shopping carts by modifying the price in a hidden form field. | ||||
| CVE-2002-2303 | 1 3d3.com | 1 Shopfactory | 2026-04-16 | N/A |
| 3D3.Com ShopFactory 5.8 uses client-side encryption and decryption for sensitive price data, which allows remote attackers to modify shopping cart prices by using the Javascript to decrypt the cookie that contains the data. | ||||
| CVE-2002-2304 | 1 Myphpsoft | 1 Myphplinks | 2026-04-16 | N/A |
| SQL injection vulnerability in admin/auth/checksession.php in MyPHPLinks 2.1.9 and 2.2.0 allows remote attackers to execute arbitrary SQL commands via the idsession parameter. | ||||
| CVE-2002-2305 | 1 Phpsecure.org | 1 Immobilier | 2026-04-16 | N/A |
| SQL injection vulnerability in agentadmin.php in Immobilier allows remote attackers to execute arbitrary SQL commands via the (1) agentname or (2) agentpassword parameter. | ||||
| CVE-2002-2306 | 1 Kazaa | 1 Kazaa Media Desktop | 2026-04-16 | N/A |
| Sharman Networks KaZaA Media Desktop 1.7.1 allows remote attackers to cause a denial of service (CPU consumption) by sending several large messages. | ||||
| CVE-2002-2307 | 1 Pyramid | 1 Benhur Software Update | 2026-04-16 | N/A |
| The default configuration of BenHur Firewall release 3 update 066 fix 2 allows remote attackers to access arbitrary services by connecting from source port 20. | ||||
| CVE-2005-0725 | 1 Wf-sections | 1 Wf-sections | 2026-04-16 | N/A |
| SQL injection vulnerability in the getAllbyArticle function in wfsfiles.php for WF-Sections (wfsections) 1.07 allows remote attackers to execute arbitrary SQL commands via the articleid parameter to article.php. | ||||
| CVE-2002-2310 | 1 Kryptronic | 1 Clickcartpro | 2026-04-16 | N/A |
| ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords. | ||||
| CVE-2002-2312 | 1 Opera Software | 1 Opera | 2026-04-16 | N/A |
| Opera 6.0.1 allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. | ||||