Export limit exceeded: 363850 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363850 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-1915 3 Freebsd, Netbsd, Openbsd 3 Freebsd, Netbsd, Openbsd 2026-04-16 5.5 Medium
tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file.
CVE-2002-1917 1 Geeklog 1 Geeklog 2026-04-16 N/A
CRLF injection vulnerability in the "User Profile: Send Email" feature in Geeklog 1.35 and 1.3.5sr1 allows remote attackers to obtain e-mail addresses by injecting a CRLF into the Subject field and adding a BCC mail header.
CVE-2005-2219 1 Hosting Controller 1 Hosting Controller 2026-04-16 N/A
Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to perform unauthorized actions, such as modifying the credit limit, via a direct request to AccountActions.asp and modifying the CreditLimit parameter in an UpdateCreditLimit action.
CVE-2002-1921 1 Oracle 1 Mysql 2026-04-16 N/A
The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database.
CVE-2005-2220 1 Incredible Interactive 1 Dragonfly Commerce 2026-04-16 N/A
Dragonfly Commerce allows remote attackers to change a product price by modifying the x_DragonflyCartProductPrice hidden field to (1) dc_Categorieslist.asp, (2) dc_Categoriesview.asp, (3) dc_productslist.asp, and (4) dc_productslist_Clearance.asp. NOTE: the vendor has disputed this issue, saying that "Dragonfly Commerce does not allow for editing prices nor does it allow for viewing information about clients stored in the database except by the store owner and authorized staff as appointed in the store administration." However, SecurityTracker claims that they have been able to confirm the problem
CVE-2002-1926 1 Aquonics Scripting 1 Aquonics File Manager 2026-04-16 N/A
Directory traversal vulnerability in source.php in Aquonics File Manager 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP query string.
CVE-2002-1932 1 Microsoft 2 Windows 2000, Windows Xp 2026-04-16 N/A
Microsoft Windows XP and Windows 2000, when configured to send administrative alerts and the "Do not overwrite events (clear log manually)" option is set, does not notify the administrator when the log reaches its maximum size, which allows local users and remote attackers to avoid detection.
CVE-2002-1935 1 Pingtel 1 Xpressa 2026-04-16 N/A
Pingtel Xpressa 1.2.5 through 2.0.1 uses predictable (1) Call-ID, (2) CSeq, and (3) "To" and "From" SIP URL values in a Session Identification Protocol (SIP) request, which allows remote attackers to avoid registering with the SIP registrar.
CVE-2005-4299 1 Atlantpro.com 1 Atlant Pro 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in atl.cgi in Atlant Pro 4.02 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) before and (2) ct parameters.
CVE-2002-1937 1 Symantec 3 Firewall Vpn Appliance 100, Firewall Vpn Appliance 200, Firewall Vpn Appliance 200r 2026-04-16 N/A
Symantec Firewall/VPN Appliance 100 through 200R hardcodes the administrator's MAC address inside the firewall's configuration, which allows remote attackers to spoof the administrator's MAC address and perform an ARP poisoning man-in-the-middle attack to obtain the administrator's password.
CVE-2005-4301 1 Phpxplorer 1 Phpxplorer 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in phpXplorer 0.9.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the address bar field.
CVE-2002-1939 1 Flashfxp 1 Flashfxp 2026-04-16 N/A
FlashFXP 1.4 prints FTP passwords in plaintext when there are transfers in the queue, which allows attackers to obtain FTP passwords of other users by editing the queue properties.
CVE-2002-1943 1 Safetp 1 Safetp Server 2026-04-16 N/A
SafeTP 1.46, when network address translation (NAT) is being used, leaks the internal IP address of the FTP server in a response to a passive mode (PASV) file transfer request.
CVE-2002-1952 1 Phprank 1 Phprank 2026-04-16 N/A
phpRank 1.8 does not properly check the return codes for MySQL operations when authenticating users, which could allow remote attackers to authenticate using a NULL password when database errors occur or if the database is unavailable.
CVE-2002-1960 1 Cybozu 1 Share360 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Cybozu Share360 1.1 allows remote attackers to inject arbitrary web script or HTML via an HTML link.
CVE-2005-4302 1 Indexcor 1 Ezdatabase 2026-04-16 N/A
Directory traversal vulnerability in index.php in ezDatabase 2.1.2 and earlier allows remote attackers to include arbitrary local files via ".." sequences in the p parameter.
CVE-2002-1961 1 Finjan Software 1 Surfingate 2026-04-16 N/A
Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to bypass URL access restrictions via a URL whose hostname portion uses a fully qualified domain name (FQDN) that ends in a "." (dot).
CVE-2002-1963 1 Linux 1 Linux Kernel 2026-04-16 N/A
Linux kernel 2.4.1 through 2.4.19 sets root's NR_RESERVED_FILES limit to 10 files, which allows local users to cause a denial of service (resource exhaustion) by opening 10 setuid binaries.
CVE-2005-4310 1 Ssh 1 Tectia Server 2026-04-16 N/A
SSH Tectia Server 5.0.0 (A, F, and T), when allowing host-based authentication only, allows users to log in with the wrong credentials.
CVE-2002-1969 1 The Magic Notebook 1 The Magic Notebook 2026-04-16 N/A
Magic Notebook 1.0b and 1.1b allows remote attackers to cause a denial of service (crash) via an invalid username during login.