Search Results (364818 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-0588 1 Steve Korbett 1 Pvote 2026-04-16 N/A
PVote before 1.9 does not authenticate users for restricted operations, which allows remote attackers to add or delete polls by modifying parameters to (1) add.php or (2) del.php.
CVE-2002-0587 1 Aol 1 Aol Server 2026-04-16 N/A
Buffer overflow in Ns_PdLog function for the external database driver proxy daemon library (libnspd.a) of AOLServer 3.0 through 3.4.2 allows remote attackers to cause a denial of service or execute arbitrary code via the Error or Notice parameters.
CVE-1999-0005 2 Netscape, University Of Washington 2 Messaging Server, Imap 2026-04-16 N/A
Arbitrary command execution via IMAP buffer overflow in authenticate command.
CVE-2002-0266 1 Thunderstone Software 1 Texis 2026-04-16 N/A
Thunderstone Texis CGI script allows remote attackers to obtain the full path of the web root via a request for a nonexistent file, which generates an error message that includes the full pathname.
CVE-1999-0004 3 Hp, Sco, University Of Washington 3 Dtmail, Unixware, Pine 2026-04-16 N/A
MIME buffer overflow in email clients, e.g. Solaris mailtool and Outlook.
CVE-2002-0586 1 Aol 1 Aol Server 2026-04-16 N/A
Format string vulnerability in Ns_PdLog function for the external database driver proxy daemon library (libnspd.a) of AOLServer 3.0 through 3.4.2 allows remote attackers to execute arbitrary code via the Error or Notice parameters.
CVE-2000-1050 1 Macromedia 1 Jrun 2026-04-16 N/A
Allaire JRun 3.0 http servlet server allows remote attackers to directly access the WEB-INF directory via a URL request that contains an extra "/" in the beginning of the request (aka the "extra leading slash").
CVE-2002-0582 1 Workforceroi 1 Xpede 2026-04-16 N/A
WorkforceROI Xpede 4.1 stores temporary expense claim reports in a world-readable and indexable /reports/temp directory, which allows remote attackers to read the reports by accessing the directory.
CVE-2004-0362 1 Iss 11 Blackice Agent Server, Blackice Pc Protection, Blackice Server Protection and 8 more 2026-04-16 N/A
Multiple stack-based buffer overflows in the ICQ parsing routines of the ISS Protocol Analysis Module (PAM) component, as used in various RealSecure, Proventia, and BlackICE products, allow remote attackers to execute arbitrary code via a SRV_MULTI response containing a SRV_USER_ONLINE response packet and a SRV_META_USER response packet with long (1) nickname, (2) firstname, (3) lastname, or (4) email address fields, as exploited by the Witty worm.
CVE-2003-0972 1 Gnu 1 Screen 2026-04-16 N/A
Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" (semicolon) characters in escape sequences, which leads to a buffer overflow.
CVE-2002-0581 1 Workforceroi 1 Xpede 2026-04-16 N/A
WorkforceROI Xpede 4.1 allows remote attackers to execute arbitrary SQL commands and read, modify, or steal credentials from the database via the Qry parameter in the sprc.asp script.
CVE-2002-0570 1 Linux 1 Linux Kernel 2026-04-16 N/A
The encrypted loop device in Linux kernel 2.4.10 and earlier does not authenticate the entity that is encrypting data, which allows local users to modify encrypted data without knowing the key.
CVE-2002-0569 1 Oracle 1 Application Server 2026-04-16 N/A
Oracle 9i Application Server allows remote attackers to bypass access restrictions for configuration files via a direct request to the XSQL Servlet (XSQLServlet).
CVE-2002-0568 1 Oracle 3 Application Server, Oracle8i, Oracle9i 2026-04-16 N/A
Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory.
CVE-2006-1796 1 Wordpress 1 Wordpress 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the paging links functionality in template-functions-links.php in Wordpress 1.5.2, and possibly other versions before 2.0.1, allows remote attackers to inject arbitrary web script or HTML to Internet Explorer users via the request URI ($_SERVER['REQUEST_URI']).
CVE-2002-0567 1 Oracle 3 Database Server, Oracle8i, Oracle9i 2026-04-16 N/A
Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process.
CVE-2002-0565 1 Oracle 3 Application Server, Application Server Web Cache, Oracle9i 2026-04-16 N/A
Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with world-readable permissions under the web root, which allows remote attackers to obtain sensitive information derived from the JSP code, including usernames and passwords, via a direct HTTP request to _pages.
CVE-2000-1048 1 Qbik 1 Wingate 2026-04-16 N/A
Directory traversal vulnerability in the logfile service of Wingate 4.1 Beta A and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack via an HTTP GET request that uses encoded characters in the URL.
CVE-2002-0562 1 Oracle 3 Application Server, Application Server Web Cache, Oracle9i 2026-04-16 N/A
The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa.
CVE-2002-0561 1 Oracle 4 Application Server, Application Server Web Cache, Oracle8i and 1 more 2026-04-16 N/A
The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings.