Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-1755 1 Tinc 1 Tinc 2026-04-16 N/A
tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on CBC.
CVE-2002-1756 1 Acd Systems 1 Acdsee 2026-04-16 N/A
ACDSee 4.0 allows remote attackers to cause a denial of service (crash) via an .ais file with a long file description field, which is not properly handled when the file properties of the file are viewed.
CVE-2003-0175 1 Sgi 1 Irix 2026-04-16 N/A
SGI IRIX before 6.5.21 allows local users to cause a denial of service (kernel panic) via a certain call to the PIOCSWATCH ioctl.
CVE-2003-0848 2 Redhat, Slocate 3 Enterprise Linux, Linux, Slocate 2026-04-16 N/A
Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative "pathlen" value to be used.
CVE-2002-1757 1 Phprojekt 1 Phprojekt 2026-04-16 N/A
PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for authentication, which allows remote attackers to bypass authentication for scripts via a request to a .php file with "sms" in the URL, which is included in the PATH_INFO portion of the $PHP_SELF variable, as demonstrated using "mail_send.php/sms".
CVE-2003-0176 1 Sgi 1 Irix 2026-04-16 N/A
The Name Service Daemon (nsd), when running on an NIS master on SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, allows remote attackers to cause a denial of service (crash) via a UDP port scan.
CVE-2003-0853 3 Gnu, Redhat, Washington University 4 Fileutils, Enterprise Linux, Linux and 1 more 2026-04-16 N/A
An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.
CVE-2003-1310 1 Symantec 1 Norton Antivirus 2026-04-16 N/A
The DeviceIoControl function in the Norton Device Driver (NAVAP.sys) in Symantec Norton AntiVirus 2002 allows local users to gain privileges by overwriting memory locations via certain control codes (aka "Device Driver Attack").
CVE-2002-1758 1 Phprojekt 1 Phprojekt 2026-04-16 N/A
PHProjekt 2.0 through 3.1 allows remote attackers to view or modify data via requests to certain scripts that do not verify if the user is logged in.
CVE-2003-0861 1 Php 1 Php 2026-04-16 N/A
Integer overflows in (1) base64_encode and (2) the GD library for PHP before 4.3.3 have unknown impact and unknown attack vectors.
CVE-2003-1311 1 Netegrity 1 Siteminder 2026-04-16 N/A
siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ensure that the TARGET parameter names a valid redirection resource, which allows remote attackers to construct a URL that might trick users into visiting an arbitrary web site referenced by this parameter.
CVE-2003-0177 1 Sgi 1 Irix 2026-04-16 N/A
SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, does not follow "-" entries in the /etc/group file, which may cause subsequent group membership entries to be processed inadvertently.
CVE-2002-1759 1 Phprojekt 1 Phprojekt 2026-04-16 N/A
The upload function in PHProjekt 2.0 through 3.1 does not properly verify certain variables related to uploaded data, which allows remote attackers to cause PHProjekt to process arbitrary files.
CVE-2003-1315 1 Neocrome 1 Land Down Under 2026-04-16 N/A
SQL injection vulnerability in auth.php in Land Down Under (LDU) v601 and earlier allows remote attackers to execute arbitrary SQL commands.
CVE-2002-1760 1 Phprojekt 1 Phprojekt 2026-04-16 N/A
Multiple SQL injection vulnerabilities in PHProjekt 2.0 through 3.1 allow remote attackers to execute arbitrary SQL commands via the unknown attack vectors.
CVE-2003-0192 2 Apache, Redhat 5 Http Server, Enterprise Linux, Linux and 2 more 2026-04-16 N/A
Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
CVE-2003-0863 1 Php 1 Php 2026-04-16 N/A
The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications.
CVE-2003-1313 1 Eternalmart 1 Mailing List Manager 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in EternalMart Mailing List Manager (EMLM) 1.32 allow remote attackers to execute arbitrary PHP code via a URL in (1) the emml_admin_path parameter to admin/auth.php or (2) the emml_path parameter to emml_email_func.php.
CVE-2003-1316 1 Endonesia 1 Endonesia 2026-04-16 N/A
mod.php in eNdonesia 8.2 allows remote attackers to obtain sensitive information via a ' (quote) value in the lng parameter, which reveals the path in an error message. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2004-0034 1 Phorum 1 Phorum 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the phorum_check_xss function in common.php, (2) the EditError variable in profile.php, and (3) the Error variable in login.php.