Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-1080 1 Aprelium Technologies 1 Abyss Web Server 2026-04-16 N/A
The Administration console for Abyss Web Server 1.0.3 before Patch 2 allows remote attackers to gain privileges and modify server configuration via direct requests to CHL files such as (1) srvstatus.chl, (2) consport.chl, (3) general.chl, (4) srvparam.chl, and (5) advanced.chl.
CVE-2002-1081 1 Aprelium Technologies 1 Abyss Web Server 2026-04-16 N/A
The Administration console for Abyss Web Server 1.0.3 allows remote attackers to read files without providing login credentials via an HTTP request to a target file that ends in a "+" character.
CVE-2002-1086 1 Visualshapers 1 Ezcontents 2026-04-16 N/A
Multiple SQL injection vulnerabilities in ezContents 1.41 and earlier allow remote attackers to conduct unauthorized activities.
CVE-2006-3681 1 Awstats 1 Awstats 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in AWStats 6.5 build 1.857 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) refererpagesfilter, (2) refererpagesfilterex, (3) urlfilterex, (4) urlfilter, (5) hostfilter, or (6) hostfilterex parameters, a different set of vectors than CVE-2006-1945.
CVE-2006-0343 1 Hitachi 2 Jpi Netsight Ii Port Discovery Advance, Jpi Netsight Ii Port Discovery Standard 2026-04-16 N/A
Unspecified vulnerability in the Port Discovery Standard and Advanced features in Hitachi JP1/NetInsight II allows attackers to stop the Port Discovery service via unknown vectors involving "invalid format data".
CVE-2006-3686 1 Hp 1 Openvms 2026-04-16 N/A
Unspecified vulnerability in [SYSEXE]SMPUTIL.EXE in HP OpenVMS 7.3-2 allows local users and "remote users" to cause a denial of service (crash).
CVE-2002-1087 1 Visualshapers 1 Ezcontents 2026-04-16 N/A
The scripts (1) createdir.php, (2) removedir.php and (3) uploadfile.php for ezContents 1.41 and earlier do not check credentials, which allows remote attackers to create or delete directories and upload files via a direct HTTP POST request.
CVE-2005-4869 1 Ibm 1 Db2 2026-04-16 N/A
The (1) to_char and (2) to_date function in IBM DB2 8.1 allows local users to cause a denial of service (application crash) via an empty string in the second parameter, which causes a null pointer dereference.
CVE-2002-1090 2 Libesmtp, Redhat 3 Libesmtp, Enterprise Linux, Linux 2026-04-16 N/A
Buffer overflow in read_smtp_response of protocol.c in libesmtp before 0.8.11 allows a remote SMTP server to (1) execute arbitrary code via a certain response or (2) cause a denial of service via long server responses.
CVE-2002-1092 1 Cisco 1 Vpn 3000 Concentrator Series Software 2026-04-16 N/A
Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, when configured to use internal authentication with group accounts and without any user accounts, allows remote VPN clients to log in using PPTP or IPSEC user authentication.
CVE-2002-1093 1 Cisco 1 Vpn 3000 Concentrator Series Software 2026-04-16 N/A
HTML interface for Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before 3.0.3(B) allows remote attackers to cause a denial of service (CPU consumption) via a long URL request.
CVE-2006-0085 1 Nkads 1 Nkads 2026-04-16 N/A
SQL injection vulnerability in Nkads 1.0 alfa 3 allows remote attackers to execute arbitrary SQL commands via the (1) usuario_nkads_admin or (2) password_nkads_admin parameters.
CVE-2006-0086 1 Next Generation Image Gallery 1 Next Generation Image Gallery 2026-04-16 N/A
Cross-site scripting vulnerability in index.php in Next Generation Image Gallery 0.0.1 Lite Edition allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2002-1233 1 Apache 1 Http Server 2026-04-16 N/A
A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
CVE-2006-0089 1 Esri 1 Arcpad 2026-04-16 N/A
Buffer overflow in ESRI ArcPad 7.0.0.156 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .amp file with a COORDSYS tag with a long string attribute.
CVE-2002-1242 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
SQL injection vulnerability in PHP-Nuke before 6.0 allows remote authenticated users to modify the database and gain privileges via the "bio" argument to modules.php.
CVE-2006-0095 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure before it is freed, which leads to a memory disclosure that could allow local users to obtain sensitive information about a cryptographic key.
CVE-2002-1245 1 Frank Mcingvale 1 Luxman 2026-04-16 N/A
Maped in LuxMan 0.41 uses the user-provided search path to find and execute the gzip program, which allows local users to modify /dev/mem and gain privileges via a modified PATH environment variable that points to a Trojan horse gzip program.
CVE-2002-1248 1 Northern Solutions 1 Xeneo Web Server 2026-04-16 N/A
Northern Solutions Xeneo Web Server 2.1.0.0, 2.0.759.6, and other versions before 2.1.5 allows remote attackers to cause a denial of service (crash) via a GET request for a "%" URI.
CVE-2006-0098 1 Openbsd 1 Openbsd 2026-04-16 N/A
The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 3.7 and 3.8 allows local users to re-open arbitrary files by using setuid programs to access file descriptors using /dev/fd/.