Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-0186 1 Microsoft 1 Sql Server 2026-04-16 N/A
Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."
CVE-2002-0782 1 Novell 1 Bordermanager 2026-04-16 N/A
Novell BorderManager 3.5 with PAT (Port-Address Translate) enabled allows remote attackers to cause a denial of service by filling the connection table with a large number of connection requests to hosts that do not have a specific route, which may be forwarded to the public interface.
CVE-2002-0187 1 Microsoft 1 Sql Server 2026-04-16 N/A
Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."
CVE-2002-0783 1 Opera Software 1 Opera Web Browser 2026-04-16 N/A
Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL.
CVE-2002-0188 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the second variant of the "Content Disposition" vulnerability.
CVE-2002-0190 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code under fewer security restrictions via a malformed web page that requires NetBIOS connectivity, aka "Zone Spoofing through Malformed Web Page" vulnerability.
CVE-2002-0191 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to view arbitrary files that contain the "{" character via script containing the cssText property of the stylesheet object, aka "Local Information Disclosure through HTML Object" vulnerability.
CVE-2002-0784 1 Lysias 1 Lidik Webserver 2026-04-16 N/A
Directory traversal vulnerability in Lysias Lidik web server 0.7b allows remote attackers to list directories via an HTTP request with a ... (modified dot dot).
CVE-2002-0193 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability.
CVE-2002-0196 1 Acd Incorporated 1 Cwpapi 2026-04-16 N/A
GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the server root is somewhere within the path, which could allow remote attackers to read or write files outside of the web root, in other directories whose path includes the web root.
CVE-2002-0197 1 Psychoid 1 Psybnc 2026-04-16 N/A
psyBNC 2.3 beta and earlier allows remote attackers to spoof encrypted, trusted messages by sending lines that begin with the "[B]" sequence, which makes the message appear legitimate.
CVE-2000-0919 1 Phpix 1 Phpix 2026-04-16 N/A
Directory traversal vulnerability in PHPix Photo Album 1.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVE-2002-0212 1 Hosting Controller 1 Hosting Controller 2026-04-16 N/A
The login for Hosting Controller 1.1 through 1.4.1 returns different error messages when a valid or invalid user is provided, which allows remote attackers to determine the existence of valid usernames and makes it easier to conduct a brute force attack.
CVE-2000-0920 1 Boa 1 Boa Webserver 2026-04-16 N/A
Directory traversal vulnerability in BOA web server 0.94.8.2 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack in the GET HTTP request that uses a "%2E" instead of a "."
CVE-2002-0213 2 Sgi, Xinet 2 Irix, K-ashare 2026-04-16 N/A
xkas in Xinet K-AShare 0.011.01 for IRIX allows local users to read arbitrary files via a symlink attack on the VOLICON file, which is copied to the .HSicon file in a shared directory.
CVE-2000-0936 1 Samba 1 Samba 2026-04-16 N/A
Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the cgi.log logging file with world readable permissions, which allows local users to read sensitive information such as user names and passwords.
CVE-2000-0937 1 Samba 1 Samba 2026-04-16 N/A
Samba Web Administration Tool (SWAT) in Samba 2.0.7 does not log login attempts in which the username is correct but the password is wrong, which allows remote attackers to conduct brute force password guessing attacks.
CVE-2002-0215 1 Steve Kneizys 1 Agora.cgi 2026-04-16 N/A
Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers to determine the full pathname of the agora.cgi file by requesting a non-existent .html file, which leaks the pathname in an error message.
CVE-2002-0792 1 Cisco 2 Content Services Switch 11000, Webns 2026-04-16 N/A
The web management interface for Cisco Content Service Switch (CSS) 11000 switches allows remote attackers to cause a denial of service (soft reset) via (1) an HTTPS POST request, or (2) malformed XML data.
CVE-2000-0938 1 Samba 1 Samba 2026-04-16 N/A
Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a different error message when a valid username is provided versus an invalid name, which allows remote attackers to identify valid users on the server.