Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-1653 1 Farm9 1 Cryptcat 2026-04-16 N/A
Farm9 Cryptcat, when started in server mode with the -e option, does not enable encryption, which allows clients to communicate without encryption despite intended configuration, and may allow remote attackers to sniff sensitive information.
CVE-2002-1655 2 Iplanet, Netscape 2 Iplanet Web Server, Enterprise Server 2026-04-16 N/A
The Web Publishing feature in Netscape Enterprise Server 3.x and iPlanet Web Server 4.x allows remote attackers to cause a denial of service (crash) via a wp-html-rend request.
CVE-2002-1648 1 Squirrelmail 1 Squirrelmail 2026-04-16 N/A
Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified send_to and subject parameters.
CVE-2002-1650 1 Squirrelmail 1 Squirrelmail 2026-04-16 N/A
The spell checker plugin (check_me.mod.php) for SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary commands via a modified sqspell_command parameter.
CVE-2003-0450 1 Cistron 1 Radius Daemon 2026-04-16 N/A
Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large value in an NAS-Port attribute, which is interpreted as a negative number and causes a buffer overflow.
CVE-2003-0451 1 Xblockout 1 Xbl 2026-04-16 N/A
Multiple buffer overflows in xbl before 1.0k allow local users to gain privileges via certain long command line arguments.
CVE-2003-0453 1 Ehud Gavron 1 Traceroute-nanog 2026-04-16 N/A
traceroute-nanog 6.1.1 allows local users to overwrite unauthorized memory and possibly execute arbitrary code via certain "nprobes" and "max_ttl" arguments that cause an integer overflow that is used when allocating memory, which leads to a buffer overflow.
CVE-2002-1662 1 Mambo 1 Mambo Site Server 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other clients via (1) search.php and (2) the "Your name" field during account registration.
CVE-2002-1664 1 Yahoo 1 Messenger 2026-04-16 N/A
Yahoo! Messenger before February 2002 allows remote attackers to add arbitrary users to another user's buddy list and possibly obtain sensitive information.
CVE-2003-1291 1 Vmware 1 Esx 2026-04-16 N/A
VMware ESX Server 1.5.2 before Patch 4 allows local users to execute arbitrary programs as root via certain modified VMware ESX Server environment variables.
CVE-2002-1665 1 Yahoo 1 Messenger 2026-04-16 N/A
Buffer overflow in Yahoo! Messenger before February 2002 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long set_buddygrp field.
CVE-2003-1293 1 Nukedweb 1 Guestbookhost 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in NukedWeb GuestBookHost allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Email and (3) Message fields when signing the guestbook.
CVE-2002-1666 1 Oracle 1 E-business Suite 2026-04-16 N/A
Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 allows remote attackers to execute unauthorized PL/SQL procedures by modifying the Oracle Applications URL.
CVE-2003-0686 2 Dave Airlie, Redhat 4 Pam Smb, Enterprise Linux, Linux and 1 more 2026-04-16 N/A
Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when authenticating to a remote service, allows remote attackers to execute arbitrary code.
CVE-2006-3236 1 Thinkfactory 1 Thinkwms 2026-04-16 N/A
Multiple SQL injection vulnerabilities in thinkWMS 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) index.php or (b) printarticle.php, and the (2) catid parameter in index.php.
CVE-2002-0067 2 Redhat, Squid 2 Linux, Squid 2026-04-16 N/A
Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when "htcp_port 0" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions.
CVE-2003-0688 6 Compaq, Freebsd, Openbsd and 3 more 7 Tru64, Freebsd, Openbsd and 4 more 2026-04-16 N/A
The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data.
CVE-2006-3241 1 Xennobb 1 Xennobb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in messages.php in XennoBB 1.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the tid parameter.
CVE-2003-0690 2 Kde, Redhat 3 Kde, Enterprise Linux, Linux 2026-04-16 N/A
KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module.
CVE-2002-1732 1 Actinic 1 Actinic Catalog 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Actinic Catalog 4.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string argument to certain .pl files, (2) the REFPAGE parameter to ca000007.pl, (3) PRODREF parameter to ss000007.pl, or (4) hop parameter to ca000001.pl.