Export limit exceeded: 363865 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363865 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363865 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363865 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2192 1 Alexander Palmo 1 Simple Php Blog 2026-04-16 N/A
SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with insufficient access control, which allows remote attackers to obtain passwords via a brute force attack.
CVE-2002-1803 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.
CVE-2002-1810 1 Dlink 2 Dwl-900ap\+, Dwl-900ap\+ Firmware 2026-04-16 7.5 High
D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to access the TFTP server without authentication and read the config.img file, which contains sensitive information such as the administrative password, the WEP encryption keys, and network configuration information.
CVE-2005-2197 1 Id Board 1 Id Board 2026-04-16 N/A
SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows remote attackers to modify SQL queries, as demonstrated using the f parameter to index.php.
CVE-2002-1812 1 Gdam 1 Gdam 2026-04-16 N/A
Buffer overflow in gdam123 0.933 and 0.942 allows local users to execute arbitrary code via a long filename parameter.
CVE-2002-1813 1 Aol 1 Instant Messenger 2026-04-16 N/A
Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8.2790 allows remote attackers to execute arbitrary programs by specifying the program in the href attribute of a link.
CVE-2002-1821 1 Ultimate Php Board 1 Ultimate Php Board 2026-04-16 N/A
Ultimate PHP Board (UPB) 1.0 and 1.0b allows remote authenticated users to gain privileges and perform unauthorized actions via direct requests to (1) admin_members.php, (2) admin_config.php, (3) admin_cat.php, or (4) admin_forum.php.
CVE-2005-2198 1 Spid 1 Spid 2026-04-16 N/A
PHP remote file inclusion vulnerability in lang.php in SPiD before 1.3.1 allows remote attackers to execute arbitrary code via the lang_path parameter.
CVE-2002-1824 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear whether this poses a vulnerability.
CVE-2002-1830 1 Openbb 1 Openbb 2026-04-16 N/A
Open Bulletin Board (OpenBB) 1.0.0 RC3 allows remote attackers to bypass authentication and access modifier options via a direct request to moderator.php with the action and ismod parameters.
CVE-2005-2199 1 Skrypty 1 Ppa Gallery 2026-04-16 N/A
PHP remote file inclusion vulnerability in inc/functions.inc.php in PPA web photo gallery 0.5.6 allows remote attackers to execute arbitrary code via the config[ppa_root_path] variable.
CVE-2002-1838 1 Steve Sachs 1 Charities.cron 2026-04-16 N/A
Charities.cron 1.0.2 through 1.6.0 allows local users to write to arbitrary files via a symlink attack on temporary files.
CVE-2005-2200 1 Xerox 3 Workcentre 2128, Workcentre 2636, Workcentre 3545 2026-04-16 N/A
Multiple unknown vulnerabilities in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allow attackers to bypass authentication.
CVE-2005-4285 1 Dick Copits 1 Pdestore 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in pdestore.cgi in Dick Copits PDEstore 1.8 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) the search module parameter or the (2) product and (3) cart_id parameters.
CVE-2002-1839 1 Trend Micro 1 Interscan Viruswall For Windows Nt 2026-04-16 N/A
Trend Micro InterScan VirusWall for Windows NT 3.52 does not record the sender's IP address in the headers for a mail message when it is passed from VirusWall to the MTA, which allows remote attackers to hide the origin of the message.
CVE-2002-1844 2 Microsoft, Oracle 2 Windows Media Player, Solaris 2026-04-16 7.8 High
Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileges.
CVE-2005-2201 1 Xerox 3 Workcentre 2128, Workcentre 2636, Workcentre 3545 2026-04-16 N/A
Unknown vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allow attackers to cause a denial of service or access files via crafted HTTP requests.
CVE-2005-4290 1 Soft4e 1 Ecw-cart 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.cgi in ECW-Cart 2.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) kword, (2) max, (3) min, (4) comp, and (5) f parameters.
CVE-2005-4784 1 Austin Group 1 Posix 2026-04-16 N/A
Multiple buffer overflows in the POSIX readdir_r function, as used in multiple packages, allow local users to cause a denial of service and possibly execute arbitrary code via (1) a symlink attack that exploits a race condition between opendir and pathcon calls and changes the filesystem to one with a larger maximum directory-entry name length, or (2) possibly via programmer-introduced errors on operating systems with a small struct dirent, such as Solaris or BeOS, as demonstrated in packages including (a) gcj, (b) KDE, (c) libwww, (d) the Rudiments library, (e) teTeX, (f) xmail, (g) bfbtester, (h) ncftp, (i) netwib, (j) OpenOffice.org, (k) Pike, (l) reprepro, (m) Tcl, and (n) xgsmlib.
CVE-1999-0947 1 An 1 An-httpd 2026-04-16 N/A
AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, and envout.bat, which allow remote attackers to execute commands via shell metacharacters.