Export limit exceeded: 359582 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359582 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-1654 | 2 Iplanet, Netscape | 2 Iplanet Web Server, Enterprise Server | 2026-04-16 | N/A |
| iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4.0 and 4.1 allows remote attackers to conduct HTTP Basic Authentication via the wp-force-auth Web Publisher command, which provides a distinct attack vector and may make it easier to conduct brute force password guessing without detection. | ||||
| CVE-2002-1655 | 2 Iplanet, Netscape | 2 Iplanet Web Server, Enterprise Server | 2026-04-16 | N/A |
| The Web Publishing feature in Netscape Enterprise Server 3.x and iPlanet Web Server 4.x allows remote attackers to cause a denial of service (crash) via a wp-html-rend request. | ||||
| CVE-2002-1656 | 1 Xqus | 1 X-news | 2026-04-16 | N/A |
| X-News (x_news) 1.1 and earlier allows attackers to authenticate as other users by obtaining the MD5 checksum of the password, e.g. via sniffing or the users.txt data file, and providing it in a cookie. | ||||
| CVE-2002-1657 | 1 Postgresql | 1 Postgresql | 2026-04-16 | 7.5 High |
| PostgreSQL uses the username for a salt when generating passwords, which makes it easier for remote attackers to guess passwords via a brute force attack. | ||||
| CVE-2002-1658 | 1 Apache | 1 Http Server | 2026-04-16 | N/A |
| Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability. | ||||
| CVE-2006-1991 | 1 Php | 1 Php | 2026-04-16 | N/A |
| The substr_compare function in string.c in PHP 5.1.2 allows context-dependent attackers to cause a denial of service (memory access violation) via an out-of-bounds offset argument. | ||||
| CVE-2002-1529 | 1 Surfcontrol | 1 Superscout Email Filter | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in msgError.asp for the administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows remote attackers to insert arbitrary script or HTML via the Reason parameter. | ||||
| CVE-2002-1494 | 1 Aestiva | 1 Html Os | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerabilities in Aestiva HTML/OS allows remote attackers to insert arbitrary HTML or script by inserting the script after a trailing / character, which inserts the script into the resulting error message. | ||||
| CVE-2002-1493 | 1 Lycos | 1 Htmlgear Guestgear | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Lycos HTMLGear guestbook allows remote attackers to inject arbitrary script via (1) STYLE attributes or (2) SRC attributes in an IMG tag. | ||||
| CVE-2002-1489 | 1 Planetdns | 1 Planetweb | 2026-04-16 | N/A |
| Buffer overflow in PlanetDNS PlanetWeb 1.14 and earlier allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long URL or (2) a request with a long method name. | ||||
| CVE-2002-1488 | 1 Cerulean Studios | 1 Trillian | 2026-04-16 | N/A |
| The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) via a PART message with (1) a missing channel or (2) a channel that the Trillian user is not in. | ||||
| CVE-2002-1485 | 1 Cerulean Studios | 1 Trillian | 2026-04-16 | N/A |
| The AIM component of Trillian 0.73 and 0.74 allows remote attackers to cause a denial of service (crash) via certain strings such as "P > O < C". | ||||
| CVE-2002-1482 | 1 Phpgb | 1 Phpgb | 2026-04-16 | N/A |
| SQL injection vulnerability in login.php for phpGB 1.20 and earlier, when magic_quotes_gpc is not enabled, allows remote attackers to gain administrative privileges via SQL code in the password entry. | ||||
| CVE-2002-1429 | 1 Endity.com | 1 Shoutbox | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in board.php of endity.com ShoutBOX allows remote attackers to inject arbitrary HTML into the shoutbox page via the site parameter. | ||||
| CVE-2002-1435 | 1 Achievo | 1 Achievo | 2026-04-16 | N/A |
| class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0.8.2, allows remote attackers to execute arbitrary PHP code when the 'allow_url_fopen' setting is enabled via a URL in the config_atkroot parameter that points to the code. | ||||
| CVE-2002-1436 | 1 Novell | 1 Netware | 2026-04-16 | N/A |
| The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary Perl code via an HTTP POST request. | ||||
| CVE-2002-1439 | 1 Hp | 2 Virtualvault, Vvos | 2026-04-16 | N/A |
| Unknown vulnerability related to stack corruption in the TGA daemon for HP-UX 11.04 (VVOS) Virtualvault 4.0, 4.5, and 4.6 may allow attackers to obtain access to system files. | ||||
| CVE-2002-1445 | 1 W3c | 1 Cern Httpd | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows remote attackers to execute script as other users via a link to a non-existent page whose name contains the script, which is inserted into the resulting error page. | ||||
| CVE-2002-1447 | 1 Cisco | 1 Vpn Client | 2026-04-16 | N/A |
| Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument. | ||||
| CVE-2002-1448 | 1 Avaya | 3 Cajun M770-atm, Cajun P130, Cajun P330 | 2026-04-16 | N/A |
| An undocumented SNMP read/write community string ('NoGaH$@!') in Avaya P330, P130, and M770-ATM Cajun products allows remote attackers to gain administrative privileges. | ||||