Export limit exceeded: 363865 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363865 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363865 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-1724 1 Onlinetools.org 1 Phpimageview 2026-04-16 N/A
Cross-site scripting vulnerability (XSS) in phpimageview.php for PHPImageView 1.0 allows remote attackers to execute arbitrary script as other users via the pic parameter.
CVE-2002-1732 1 Actinic 1 Actinic Catalog 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Actinic Catalog 4.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string argument to certain .pl files, (2) the REFPAGE parameter to ca000007.pl, (3) PRODREF parameter to ss000007.pl, or (4) hop parameter to ca000001.pl.
CVE-1999-0946 1 Yamaha 1 Midiplug 2026-04-16 N/A
Buffer overflow in Yamaha MidiPlug via a Text variable in an EMBED tag.
CVE-2002-1733 1 Prospero Technologies 1 Prospero Message Board 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the web-based message board in Prospero Technologies allows remote attackers to inject arbitrary web script or HTML via a message board post.
CVE-2002-1744 1 Microsoft 1 Internet Information Services 2026-04-16 N/A
Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 allows remote attackers to view source code and determine the existence of arbitrary files via a hex-encoded "%c0%ae%c0%ae" string, which is the Unicode representation for ".." (dot dot).
CVE-2005-2184 1 Emc 1 Eroom 2026-04-16 N/A
eRoom 6.x does not properly restrict files that can be attached, which allows remote attackers to execute arbitrary commands via a .lnk file.
CVE-2005-4283 1 Nightmedia 1 The City Shop 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in The CITY Shop 1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via parameters to the search module, possibly SKey to store.cgi.
CVE-2002-1749 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Windows 2000 Terminal Services, when using the disconnect feature of the client, does not properly lock itself if it is left idle until the screen saver activates and the user disconnects, which could allow attackers to gain administrator privileges.
CVE-2002-1750 1 Cgiscript 1 Csguestbook 2026-04-16 N/A
csGuestbook.cgi in CGISCRIPT.NET csGuestbook 1.0 allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function.
CVE-2002-1751 1 Cgiscript.net 1 Cslivesupport 2026-04-16 N/A
csLiveSupport.cgi in CGIScript.net csLiveSupport allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function.
CVE-2002-1754 1 Novell 1 Netware Client 2026-04-16 N/A
Buffer overflow in Novell NetWare Client 4.80 through 4.83 allows local users to cause a denial of service (crash) by using ping, traceroute, or a similar utility to force the client to resolve a large hostname.
CVE-2005-2186 1 Mcafee 1 Intrushield Security Management System 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in McAfee IntruShield Security Management System allow remote authenticated users to inject arbitrary web script or HTML via the (1) thirdMenuName or (2) resourceName parameter to SystemEvent.jsp.
CVE-2002-1757 1 Phprojekt 1 Phprojekt 2026-04-16 N/A
PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for authentication, which allows remote attackers to bypass authentication for scripts via a request to a .php file with "sms" in the URL, which is included in the PATH_INFO portion of the $PHP_SELF variable, as demonstrated using "mail_send.php/sms".
CVE-2005-2188 1 Mcafee 1 Intrushield Security Management System 2026-04-16 N/A
McAfee IntruShield Security Management System obtains the user ID from the URL, which allows remote attackers to guess the Manager account and possibly gain privileges via a brute force attack.
CVE-2002-1760 1 Phprojekt 1 Phprojekt 2026-04-16 N/A
Multiple SQL injection vulnerabilities in PHProjekt 2.0 through 3.1 allow remote attackers to execute arbitrary SQL commands via the unknown attack vectors.
CVE-2005-2190 1 Comersus Open Technologies 1 Comersus Cart 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Comersus shopping cart allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to comersus_optAffiliateRegistrationExec.asp or (2) idProduct parameter to comersus_optReviewReadExec.asp.
CVE-2002-1769 1 Microsoft 2 Site Server, Site Server Commerce 2026-04-16 N/A
Microsoft Site Server 3.0 prior to SP4 installs a default user, LDAP_Anonymous, with a default password of LdapPassword_1, which allows remote attackers the "Log on locally" privilege.
CVE-2005-2191 1 Comersus Open Technologies 1 Comersus Cart 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Comersus shopping cart allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to comersus_backoffice_listAssignedPricesToCustomer.asp or (2) message parameter to comersus_backoffice_message.asp.
CVE-2002-1777 1 Symantec 1 Norton Antivirus 2026-04-16 N/A
NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus (NAV) 2002 allows remote attackers to bypass e-mail scanning via a filename in the Content-Type field with an excluded extension such as .nch or .dbx, but a malicious extension in the Content-Disposition field, which is used by Outlook to obtain the file name. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but Norton AntiVirus or the Office plug-in would detect the virus before it is executed
CVE-2002-1795 1 Microsoft 1 Tsac Activex Control 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in connect.asp in Microsoft Terminal Services Advanced Client (TSAC) ActiveX control allows remote attackers to inject arbitrary web script or HTML via unknown vectors.