Export limit exceeded: 13154 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359684 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0892 | 1 Nocc | 1 Nocc | 2026-04-16 | N/A |
| NOCC Webmail 1.0 stores e-mail attachments in temporary files with predictable filenames, which makes it easier for remote attackers to execute arbitrary code by accessing the e-mail attachment via directory traversal vulnerabilities. | ||||
| CVE-2006-4745 | 1 Scarybear | 1 Pocketexpense Pro | 2026-04-16 | N/A |
| ScaryBear PocketExpense Pro 3.9.1 uses an internally recorded key to protect a data file whose contents are stored in plaintext, which allows local users to disable authentication and access the file by modifying a certain value in the file header. | ||||
| CVE-2002-0198 | 1 Paul L Daniels | 2 Inflex, Ripmime | 2026-04-16 | N/A |
| Buffer overflow in plDaniels ripMime 1.2.6 and earlier, as used in other programs such as xamime and inflex, allows remote attackers to execute arbitrary code via an attachment in a long filename. | ||||
| CVE-2002-0199 | 1 Nullsoft | 1 Shoutcast Server | 2026-04-16 | N/A |
| Buffer overflow in admin.cgi for Nullsoft Shoutcast Server 1.8.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an argument with a large number of backslashes. | ||||
| CVE-2002-0203 | 1 Tarantella | 1 Tarantella Enterprise | 2026-04-16 | N/A |
| ttawebtop.cgi in Tarantella Enterprise 3.20 on SPARC Solaris and Linux, and 3.1x and 3.0x including 3.11.903, allows remote attackers to view directory contents via an empty pg parameter. | ||||
| CVE-2002-0204 | 1 Gnu | 1 Chess | 2026-04-16 | N/A |
| Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified or used in a networked capacity contrary to its own design as a single-user application, may allow local or remote attackers to execute arbitrary code via a long command. | ||||
| CVE-2006-0785 | 1 Phpkit | 1 Phpkit | 2026-04-16 | N/A |
| Absolute path traversal vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier allows remote attackers to include and execute arbitrary local files via a direct request with a path parameter with a null character and beginning with (1) '/' (slash) for an absolute pathname or (2) a drive letter (such as "C:"), which bypasses checks for ".." sequences and trailing ".php" extensions. | ||||
| CVE-2006-4663 | 1 Linux | 1 Linux Kernel | 2026-04-16 | 7.8 High |
| The source code tar archive of the Linux kernel 2.6.16, 2.6.17.11, and possibly other versions specifies weak permissions (0666 and 0777) for certain files and directories, which might allow local users to insert Trojan horse source code that would be used during the next kernel compilation. NOTE: another researcher disputes the vulnerability, stating that he finds "Not a single world-writable file or directory." CVE analysis as of 20060908 indicates that permissions will only be weak under certain unusual or insecure scenarios | ||||
| CVE-2002-0216 | 1 Xoops | 1 Xoops | 2026-04-16 | N/A |
| userinfo.php in XOOPS 1.0 RC1 allows remote attackers to obtain sensitive information via a SQL injection attack in the "uid" parameter. | ||||
| CVE-2002-0217 | 1 Xoops | 1 Xoops | 2026-04-16 | N/A |
| Cross-site scripting (CSS) vulnerabilities in the Private Message System for XOOPS 1.0 RC1 allow remote attackers to execute Javascript on other web clients via (1) the Title field or a Private Message Box or (2) the image field parameter in pmlite.php. | ||||
| CVE-2002-0218 | 1 Sas | 2 Sas Base, Sas Integration Technologies | 2026-04-16 | N/A |
| Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via format specifiers in a command line argument. | ||||
| CVE-2006-0786 | 1 Phpkit | 1 Phpkit | 2026-04-16 | N/A |
| Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier, with allow_url_fopen enabled, allows remote attackers to conduct PHP remote file include attacks via a path parameter that specifies a (1) UNC share or (2) ftps URL, which bypasses the check for "http://", "ftp://", and "https://" URLs. | ||||
| CVE-2006-4664 | 1 Premod Shadow | 1 Premod Shadow | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in includes/functions_portal.php in Premod Shadow 2.7.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2002-0227 | 2 Kde, Kicq | 2 Kde, Kicq | 2026-04-16 | N/A |
| KICQ 2.0.0b1 allows remote attackers to cause a denial of service (crash) via a malformed message. | ||||
| CVE-2002-0239 | 1 Hanterm | 1 Hanterm | 2026-04-16 | N/A |
| Buffer overflow in hanterm 3.3.1 and earlier allows local users to execute arbitrary code via a long string in the (1) -fn, (2) -hfb, or (3) -hfn argument. | ||||
| CVE-2006-0788 | 1 Kyocera | 1 Fs-3830n | 2026-04-16 | N/A |
| Kyocera 3830 (aka FS-3830N) printers have a back door that allows remote attackers to read and alter configuration settings via strings that begin with "!R!SIOP0", as demonstrated using (1) a connection to to TCP port 9100 or (2) the UNIX lp command. | ||||
| CVE-2002-0241 | 1 Cisco | 1 Secure Access Control Server | 2026-04-16 | N/A |
| NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1 does not check the Expired or Disabled state of users in the Novell Directory Services (NDS), which could allow those users to authenticate to the server. | ||||
| CVE-2002-0242 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in Internet Explorer 6 earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed. | ||||
| CVE-2006-0789 | 1 Kyocera | 1 Fs-3830n | 2026-04-16 | N/A |
| Certain unspecified Kyocera printers have a default "admin" account with a blank password, which allows remote attackers to access an administrative menu via a telnet session. | ||||
| CVE-2002-0243 | 1 Opera Software | 1 Opera Web Browser | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in Opera 6.0 and earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed. | ||||