Search Results (362833 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2001-1006 1 Starfish 1 Truesync Desktop 2026-04-16 N/A
Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA does not encrypt sensitive files and relies solely on its password feature to restrict access, which allows an attacker to read the files using a different application.
CVE-2004-2349 1 Tunez 1 Tunez 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Tunez before 1.20-pre2 allow remote attackers to execute arbitrary SQL queries.
CVE-2004-2350 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 allows remote attackers to execute arbitrary SQL and gain privileges via the search_results parameter.
CVE-2004-2352 1 Martin Bauer 1 Gbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in GBook for PHP-Nuke 1.0 allows remote attackers to inject arbitrary web script or HTML via cookies that are stored in the $_COOKIE PHP variable, which is not cleansed by PHP-Nuke.
CVE-2004-2353 1 Incogen 1 Bugport 2026-04-16 N/A
BugPort before 1.099 stores its configuration file (conf/config.conf) under the web document root with a file extension that is not normally parsed by web servers, which allows remote attackers to obtain sensitive information.
CVE-2002-0862 2 Apple, Microsoft 10 Macos, Internet Explorer, Office and 7 more 2026-04-16 N/A
The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.
CVE-2001-1055 1 Microsoft 2 Windows 98, Windows 98se 2026-04-16 N/A
The Microsoft Windows network stack allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed ARP request packets with random source IP and MAC addresses, as demonstrated by ARPNuke.
CVE-2004-2354 2 Francisco Burzi, Warpspeed 2 Php-nuke, 4nguestbook 2026-04-16 N/A
SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 through 6.9 allows remote attackers to modify SQL statements via the entry parameter to modules.php, which can also facilitate cross-site scripting (XSS) attacks when MySQL errors are triggered.
CVE-2002-0863 1 Microsoft 5 .net Windows Server, Windows 2000, Windows 2000 Terminal Services and 2 more 2026-04-16 N/A
Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."
CVE-2004-2355 1 Crafty Syntax Live Help 1 Crafty Syntax Live Help 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Crafty Syntax Live Help (CSLH) before 2.7.4 allows remote attackers to inject arbitrary web script or HTML via the name field of a livehelp or chat session.
CVE-2001-1072 1 Apache 1 Http Server 2026-04-16 N/A
Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
CVE-2002-0864 1 Microsoft 4 .net Windows Server, Windows 2000, Windows 2000 Terminal Services and 1 more 2026-04-16 N/A
The Remote Data Protocol (RDP) version 5.1 in Microsoft Windows XP allows remote attackers to cause a denial of service (crash) when Remote Desktop is enabled via a PDU Confirm Active data packet that does not set the Pattern BLT command, aka "Denial of Service in Remote Desktop."
CVE-2004-2356 1 Fizmez 1 Fizmez Web Server 2026-04-16 N/A
Early termination vulnerability in Fizmez Web Server 1.0 allows remote attackers to cause a denial of service (crash) by connecting to the server and then disconnecting without sending any data, which triggers a null pointer dereference.
CVE-2001-1079 1 Ibm 1 Aix 2026-04-16 N/A
create_keyfiles in PSSP 3.2 with DCE 3.1 authentication on AIX creates keyfile directories with world-writable permissions, which could allow a local user to delete key files and cause a denial of service.
CVE-2004-2358 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in admin_words.php for phpBB 2.0.6c allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2002-1214 1 Microsoft 3 Windows 2000, Windows 2000 Terminal Services, Windows Xp 2026-04-16 N/A
Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.
CVE-2001-1087 1 Network Appliance 1 Netcache 2026-04-16 N/A
The default configuration of the config.http.tunnel.allow_ports option on NetCache devices is set to +all, which allows remote attackers to connect to arbitrary ports on remote systems behind the device.
CVE-2002-1256 1 Microsoft 3 Windows 2000, Windows 2000 Terminal Services, Windows Xp 2026-04-16 N/A
The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller.
CVE-2002-1357 7 Cisco, Fissh, Intersoft and 4 more 7 Ios, Ssh Client, Securenetterm and 4 more 2026-04-16 N/A
Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.
CVE-2002-2077 1 Microsoft 1 Windows 2000 2026-04-16 N/A
The DCOM client in Windows 2000 before SP3 does not properly clear memory before sending an "alter context" request, which may allow remote attackers to obtain sensitive information by sniffing the session.