Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-0283 1 David Barrett 1 Qwikiwiki 2026-04-16 N/A
Directory traversal vulnerability in index.php in QwikiWiki allows remote attackers to read arbitrary files via a .. (dot dot) and a %00 at the end of the filename in the page parameter.
CVE-2005-0284 1 Woltlab 1 Burning Book 2026-04-16 N/A
SQL injection vulnerability in addentry.php in Woltlab Burning Book 1.0 Gold, 1.1.1e, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the user-agent parameter.
CVE-2005-0289 1 Apple 2 Airport Express, Airport Extreme 2026-04-16 N/A
Apple AirPort Express prior to 6.1.1 and Extreme prior to 5.5.1, configured as a Wireless Data Service (WDS), allows remote attackers to cause a denial of service (device freeze) by connecting to UDP port 161 and before link-state change occurs.
CVE-2005-0292 1 Php Gift Registry 1 Phpgiftreg 2026-04-16 N/A
Multiple SQL injection vulnerabilities in index.php in PHP Gift Registry (phpGiftReg) 1.4.0, and possibly other versions before 1.5.0b1, allow remote attackers to execute arbitrary SQL commands via the (1) messageid, (2) shopper, (3) shopfor, or (4) itemid parameters.
CVE-2005-0293 1 Minis 1 Minis 2026-04-16 N/A
Directory traversal vulnerability in minis.php in Minis 0.2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the month parameter.
CVE-2002-0488 1 Linux Directory Penguin 1 Linux Directory Penguin Traceroute 2026-04-16 N/A
Linux Directory Penguin traceroute.pl CGI script 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the host parameter.
CVE-2002-0489 1 Linux Directory Penguin 1 Nslookup 2026-04-16 N/A
Linux Directory Penguin NsLookup CGI script (nslookup.pl) 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the (1) query or (2) type parameters.
CVE-2002-0490 1 Instant Web Mail 1 Instant Web Mail 2026-04-16 N/A
Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php.
CVE-2004-0698 1 4d 1 Webstar 2026-04-16 N/A
4D WebSTAR 5.3.2 and earlier allows local users to read and modify arbitrary files via a symlink attack.
CVE-2002-0492 1 Dcscripts 1 Dcshop 2026-04-16 N/A
dcshop.cgi in DCShop 1.002 Beta allows remote attackers to delete arbitrary setup files via a null character in the database parameter.
CVE-2002-0494 1 Websight Directory System 1 Websight Directory System 2026-04-16 N/A
Cross-site scripting vulnerability in WebSight Directory System 0.1 allows remote attackers to execute arbitrary Javascript and gain access to the WebSight administrator via a new link submission containing the script in a website name.
CVE-2002-0496 1 Southwest 1 Southwest 2026-04-16 N/A
The HTTP server for SouthWest Talker server 1.0.0 allows remote attackers to cause a denial of service (server crash) via a malformed URL to port 5002.
CVE-2002-0497 1 Mtr 1 Mtr 2026-04-16 N/A
Buffer overflow in mtr 0.46 and earlier, when installed setuid root, allows local users to access a raw socket via a long MTR_OPTIONS environment variable.
CVE-2002-0498 1 Etnus 1 Totalview 2026-04-16 N/A
Etnus TotalView 5.0.0-4 installs certain files with UID 5039 and GID 59, which could allow local users with that UID or GID to modify the files and gain privileges as other TotalView users.
CVE-2002-0499 1 Linux 1 Linux Kernel 2026-04-16 N/A
The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and earlier, truncates long pathnames without generating an error, which could allow local users to force programs to perform inappropriate operations on the wrong directories.
CVE-2002-0776 1 Hosting Controller 1 Hosting Controller 2026-04-16 N/A
getuserdesc.asp in Hosting Controller 2002 allows remote attackers to change the passwords of arbitrary users and gain privileges by modifying the username parameter, as addressed by the "UpdateUser" hot fix.
CVE-2002-0777 1 Ipswitch 1 Imail 2026-04-16 N/A
Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and earlier allows remote attackers to execute arbitrary code via a long "bind DN" parameter.
CVE-2002-0778 1 Cisco 8 Cache Engine 505, Cache Engine 550, Cache Engine 570 and 5 more 2026-04-16 N/A
The default configuration of the proxy for Cisco Cache Engine and Content Engine allows remote attackers to use HTTPS to make TCP connections to allowed IP addresses while hiding the actual source IP.
CVE-2002-0794 1 Freebsd 1 Freebsd 2026-04-16 N/A
The accept_filter mechanism in FreeBSD 4 through 4.5 does not properly remove entries from the incomplete listen queue when adding a syncache, which allows remote attackers to cause a denial of service (network service availability) via a large number of connection attempts, which fills the queue.
CVE-2002-0795 1 Freebsd 1 Freebsd 2026-04-16 N/A
The rc system startup script for FreeBSD 4 through 4.5 allows local users to delete arbitrary files via a symlink attack on X Windows lock files.