Export limit exceeded: 362845 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 362845 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-0802 2 Postgresql, Redhat 2 Postgresql, Database 2026-04-16 N/A
The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding consumes an extra character when processing a character that cannot be converted, which could remove an escape character from the query and make the application subject to SQL injection attacks.
CVE-2000-1014 1 Sco 1 Unixware 2026-04-16 N/A
Format string vulnerability in the search97.cgi CGI script in SCO help http server for Unixware 7 allows remote attackers to execute arbitrary commands via format characters in the queryText parameter.
CVE-2000-1015 1 Open Source Development Network 1 Slashcode 2026-04-16 N/A
The default configuration of Slashcode before version 2.0 Alpha has a default administrative password, which allows remote attackers to gain Slashcode privileges and possibly execute arbitrary commands.
CVE-2002-0225 1 Cisco 1 Tacacs\+ 2026-04-16 N/A
tac_plus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco, creates files from the accounting directive with world-readable and writable permissions, which allows local users to access and modify sensitive files.
CVE-2000-1016 1 Suse 1 Suse Linux 2026-04-16 N/A
The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
CVE-2002-0226 1 Dcscripts 1 Dcforum 2026-04-16 N/A
retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID, which allows remote attackers to request a new password on behalf of another user and use the sessionID to calculate the new password for that user.
CVE-2000-1017 1 Webteacher 1 Webdata 2026-04-16 N/A
Webteachers Webdata allows remote attackers with valid Webdata accounts to read arbitrary files by posting a request to import the file into the WebData database.
CVE-2002-0227 2 Kde, Kicq 2 Kde, Kicq 2026-04-16 N/A
KICQ 2.0.0b1 allows remote attackers to cause a denial of service (crash) via a malformed message.
CVE-2002-0809 2 Mozilla, Redhat 2 Bugzilla, Powertools 2026-04-16 N/A
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is provided with the encoded field names.
CVE-2000-1018 1 Mendel Cooper 1 Shred 2026-04-16 N/A
shred 1.0 file wiping utility does not properly open a file for overwriting or flush its buffers, which prevents shred from properly replacing the file's data and allows local users to recover the file.
CVE-2000-1019 1 Inktomi 1 Search Software 2026-04-16 N/A
Search engine in Ultraseek 3.1 and 3.1.10 (aka Inktomi Search) allows remote attackers to cause a denial of service via a malformed URL.
CVE-2002-0228 1 Microsoft 1 Msn Messenger 2026-04-16 N/A
Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or DNS-spoofed sites).
CVE-2002-0232 1 Mrtg 1 Multi Router Traffic Grapher Cgi 2026-04-16 N/A
Directory traversal vulnerability in Multi Router Traffic Grapher (MRTG) allows remote attackers to read portions of arbitrary files via a .. (dot dot) in the cfg parameter for (1) 14all.cgi, (2) 14all-1.1.cgi, (3) traffic.cgi, or (4) mrtg.cgi.
CVE-2002-0233 1 Eshare Communications Inc. 1 Eshare Expressions 2026-04-16 N/A
Directory traversal vulnerability in eshare Expressions 4 Web server allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request.
CVE-2002-0234 1 Juniper 1 Netscreen Screenos 2026-04-16 N/A
NetScreen ScreenOS before 2.6.1 does not support a maximum number of concurrent sessions for a system, which allows an attacker on the trusted network to cause a denial of service (resource exhaustion) via a port scan to an external network, which consumes all available connections.
CVE-2002-0810 2 Mozilla, Redhat 2 Bugzilla, Powertools 2026-04-16 N/A
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails.
CVE-2002-1265 3 Apple, Gnu, Sgi 4 Mac Os X, Mac Os X Server, Glibc and 1 more 2026-04-16 N/A
The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang).
CVE-2002-0235 1 Castelle 1 Faxpress 2026-04-16 N/A
Castelle FaxPress, possibly 6.3 and other versions, when configured to use the Network print queue, allows attackers to obtain the username and password by submitting an incorrect login, which causes Faxpress to leak the correct username and password in plaintext in an error event.
CVE-2002-0811 2 Mozilla, Redhat 2 Bugzilla, Powertools 2026-04-16 N/A
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote attackers to cause a denial of service or execute certain queries via a SQL injection attack on the sort order parameter to buglist.cgi.
CVE-2000-1039 1 Microsoft 5 Windows 95, Windows 98, Windows 98se and 2 more 2026-04-16 N/A
Various TCP/IP stacks and network applications allow remote attackers to cause a denial of service by flooding a target host with TCP connection attempts and completing the TCP/IP handshake without maintaining the connection state on the attacker host, aka the "NAPTHA" class of vulnerabilities. NOTE: this candidate may change significantly as the security community discusses the technical nature of NAPTHA and learns more about the affected applications. This candidate is at a higher level of abstraction than is typical for CVE.