Total
29737 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-1452 | 1 Mywebserver | 1 Mywebserver | 2025-04-03 | N/A |
| Buffer overflow in the search capability for MyWebServer 1.0.2 allows remote attackers to execute arbitrary code via a long searchTarget parameter. | ||||
| CVE-2002-0414 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2025-04-03 | N/A |
| KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems, does not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to forward forged IPv4 packets. | ||||
| CVE-2002-1224 | 2 Kde, Redhat | 2 Kde, Linux | 2025-04-03 | N/A |
| Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE 3.0.3a allows remote attackers to read arbitrary files as the kpf user via a URL with a modified icon parameter. | ||||
| CVE-2002-1454 | 1 Mywebserver | 1 Mywebserver | 2025-04-03 | N/A |
| MyWebServer 1.0.2 allows remote attackers to determine the absolute path of the web document root via a request for a directory that does not exist, which leaks the pathname in an error message. | ||||
| CVE-2002-1225 | 1 Kth | 1 Heimdal | 2025-04-03 | N/A |
| Multiple buffer overflows in Heimdal before 0.5, possibly in both the (1) kadmind and (2) kdc servers, may allow remote attackers to gain root access. | ||||
| CVE-2002-1460 | 1 Leszek Krupinski | 1 L-forum | 2025-04-03 | N/A |
| L-Forum 2.40 and earlier does not properly verify whether a file was uploaded or if the associated variables were set by POST (attachment, attachment_name, attachment_size and attachment_type), which allows remote attackers to read arbitrary files. | ||||
| CVE-2002-0417 | 1 Endymion | 1 Mailman Webmail | 2025-04-03 | N/A |
| Directory traversal vulnerability in Endymion MailMan before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the ALTERNATE_TEMPLATES parameter for various mmstdo*.cgi programs. | ||||
| CVE-2002-0423 | 1 Efingerd | 1 Efingerd | 2025-04-03 | N/A |
| Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a finger request from an IP address with a long hostname that is obtained via a reverse DNS lookup. | ||||
| CVE-2005-0546 | 2 Cyrus, Redhat | 2 Imapd, Enterprise Linux | 2025-04-03 | N/A |
| Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via (1) an off-by-one error in the imapd annotate extension, (2) an off-by-one error in "cached header handling," (3) a stack-based buffer overflow in fetchnews, or (4) a stack-based buffer overflow in imapd. | ||||
| CVE-2005-4661 | 1 Campware.org | 1 Campsite | 2025-04-03 | N/A |
| The notifyendsubs cron job in Campsite before 2.3.3 sends an e-mail message containing a certain unencrypted MySQL password, which allows remote attackers to sniff the password. | ||||
| CVE-2002-0434 | 1 Marcus S. Xenakis | 1 Directory.php | 2025-04-03 | N/A |
| Marcus S. Xenakis directory.php script allows remote attackers to execute arbitrary commands via shell metacharacters in the dir parameter. | ||||
| CVE-2002-1238 | 1 Peter Sandvik | 1 Simple Web Server | 2025-04-03 | N/A |
| Peter Sandvik's Simple Web Server 0.5.1 and earlier allows remote attackers to bypass access restrictions for files via an HTTP request with a sequence of multiple / (slash) characters such as http://www.example.com///file/. | ||||
| CVE-2002-1626 | 1 Mike Spice | 1 My Calendar | 2025-04-03 | N/A |
| Directory traversal vulnerability in Mike Spice My Calendar before 1.5 allows remote attackers to write arbitrary files via .. (dot dot) sequences in a URL. | ||||
| CVE-2002-1648 | 1 Squirrelmail | 1 Squirrelmail | 2025-04-03 | N/A |
| Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified send_to and subject parameters. | ||||
| CVE-2002-1245 | 1 Frank Mcingvale | 1 Luxman | 2025-04-03 | N/A |
| Maped in LuxMan 0.41 uses the user-provided search path to find and execute the gzip program, which allows local users to modify /dev/mem and gain privileges via a modified PATH environment variable that points to a Trojan horse gzip program. | ||||
| CVE-2002-1470 | 1 Nullsoft | 1 Shoutcast Server | 2025-04-03 | N/A |
| SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext administrative password via a GET request to port 8001, which causes the password to be logged in the world-readable sc_serv.log file. | ||||
| CVE-2002-1627 | 1 Mike Spice | 1 Quiz Me | 2025-04-03 | N/A |
| Directory traversal vulnerability in quiz.cgi for Mike Spice Quiz Me! before 0.6 allows remote attackers to write arbitrary files via .. (dot dot) sequences in the quiz parameter. | ||||
| CVE-2005-0547 | 1 Hp | 1 Hp-ux | 2025-04-03 | N/A |
| Unknown vulnerability in ftpd on HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23 allows remote authenticated users to gain "unauthorized access to files." | ||||
| CVE-2005-4662 | 1 Ocomon | 1 Ocomon | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in OcoMon 1.20, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via unknown attack vectors in an unspecified input form, a different vulnerability than CVE-2005-4664. | ||||
| CVE-2002-0448 | 1 Xerver | 1 Xerver | 2025-04-03 | N/A |
| Xerver Free Web Server 2.10 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request that contains many "C:/" sequences. | ||||