Export limit exceeded: 363689 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363689 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-0181 1 Horde 2 Horde, Imp 2026-04-16 N/A
Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and steal cookies of other IMP/HORDE users via the script parameter.
CVE-2002-0186 1 Microsoft 1 Sql Server 2026-04-16 N/A
Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."
CVE-2002-0199 1 Nullsoft 1 Shoutcast Server 2026-04-16 N/A
Buffer overflow in admin.cgi for Nullsoft Shoutcast Server 1.8.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an argument with a large number of backslashes.
CVE-2002-0208 1 Network.associates 1 Pgpfire 2026-04-16 N/A
PGP Security PGPfire 7.1 for Windows alters the system's TCP/IP stack and modifies packets in ICMP error messages in a way that allows remote attackers to determine that the system is running PGPfire.
CVE-2002-0209 1 Nortel 1 Alteon Acedirector 2026-04-16 N/A
Nortel Alteon ACEdirector WebOS 9.0, with the Server Load Balancing (SLB) and Cookie-Based Persistence features enabled, allows remote attackers to determine the real IP address of a web server with a half-closed session, which causes ACEdirector to send packets from the server without changing the address to the virtual IP address.
CVE-2002-0216 1 Xoops 1 Xoops 2026-04-16 N/A
userinfo.php in XOOPS 1.0 RC1 allows remote attackers to obtain sensitive information via a SQL injection attack in the "uid" parameter.
CVE-2002-0217 1 Xoops 1 Xoops 2026-04-16 N/A
Cross-site scripting (CSS) vulnerabilities in the Private Message System for XOOPS 1.0 RC1 allow remote attackers to execute Javascript on other web clients via (1) the Title field or a Private Message Box or (2) the image field parameter in pmlite.php.
CVE-2006-1924 1 Linpha 1 Linpha 2026-04-16 N/A
SQL injection vulnerability in functions/db_api.php in LinPHA 1.1.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2002-0223 2 Infopop, Wired Community Software 2 Ultimate Bulletin Board, Wwwthreads 2026-04-16 N/A
Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 through 5.0.9 allows remote attackers to upload arbitrary files by using a filename that contains an accepted extension, but ends in a different extension.
CVE-2002-0224 1 Microsoft 3 Internet Information Services, Sql Server, Windows 2000 2026-04-16 N/A
The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.
CVE-2002-0225 1 Cisco 1 Tacacs\+ 2026-04-16 N/A
tac_plus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco, creates files from the accounting directive with world-readable and writable permissions, which allows local users to access and modify sensitive files.
CVE-2002-0228 1 Microsoft 1 Msn Messenger 2026-04-16 N/A
Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or DNS-spoofed sites).
CVE-2002-0233 1 Eshare Communications Inc. 1 Eshare Expressions 2026-04-16 N/A
Directory traversal vulnerability in eshare Expressions 4 Web server allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request.
CVE-2002-0234 1 Juniper 1 Netscreen Screenos 2026-04-16 N/A
NetScreen ScreenOS before 2.6.1 does not support a maximum number of concurrent sessions for a system, which allows an attacker on the trusted network to cause a denial of service (resource exhaustion) via a port scan to an external network, which consumes all available connections.
CVE-2002-0235 1 Castelle 1 Faxpress 2026-04-16 N/A
Castelle FaxPress, possibly 6.3 and other versions, when configured to use the Network print queue, allows attackers to obtain the username and password by submitting an incorrect login, which causes Faxpress to leak the correct username and password in plaintext in an error event.
CVE-2002-0236 1 Lucent 5 Vitalanalysis, Vitalevent, Vitalhelp and 2 more 2026-04-16 N/A
Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and VitalHelp/VitalAnalysis, allows remote attackers to bypass authentication via a direct HTTP request to the VsSetCookie.exe program, which returns a valid cookie for the desired user.
CVE-2002-0238 1 Netgear 1 Rt314 2026-04-16 N/A
Cross-site scripting vulnerability in web administration interface for NetGear RT314 and RT311 Gateway Routers allows remote attackers to execute arbitrary script on another client via a URL that contains the script.
CVE-2002-0815 3 Microsoft, Mozilla, Netscape 3 Internet Explorer, Mozilla, Navigator 2026-04-16 N/A
The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.
CVE-1999-0003 5 Hp, Ibm, Sgi and 2 more 6 Hp-ux, Aix, Irix and 3 more 2026-04-16 N/A
Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).
CVE-2002-0819 1 Artsd 1 Artsd 2026-04-16 N/A
Format string vulnerability in artsd, when called by artswrapper, allows local users to gain privileges via format strings in the -a argument, which results in an error message that is not properly handled in a call to the arts_fatal function.