Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-1226 1 Kth 1 Heimdal 2025-04-03 N/A
Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, possibly in the (1) kadmind and (2) kdc servers, may allow remote or local attackers to gain root or other access, but not via buffer overflows (CVE-2002-1225).
CVE-2002-1461 1 Webscriptworld 1 Web Shop Manager 2025-04-03 N/A
Web Shop Manager 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search box.
CVE-2002-0421 1 Microsoft 1 Windows Nt 2025-04-03 N/A
IIS 4.0 allows local users to bypass the "User cannot change password" policy for Windows NT by directly calling .htr password changing programs in the /iisadmpwd directory, including (1) aexp2.htr, (2) aexp2b.htr, (3) aexp3.htr , or (4) aexp4.htr.
CVE-2002-0423 1 Efingerd 1 Efingerd 2025-04-03 N/A
Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a finger request from an IP address with a long hostname that is obtained via a reverse DNS lookup.
CVE-2002-0425 1 Khaled Mardam-bey 1 Mirc 2025-04-03 N/A
mIRC DCC server protocol allows remote attackers to gain sensitive information such as alternate IRC nicknames via a "100 testing" message in a DCC connection request that cannot be ignored or canceled by the user, which may leak the alternate nickname in a response message.
CVE-2002-0427 1 Christof Pohl 1 Improved Mod Frontpage 2025-04-03 N/A
Buffer overflows in fpexec in mod_frontpage before 1.6.1 may allow attackers to gain root privileges.
CVE-2005-0545 1 Microsoft 2 Windows 2000, Windows Xp 2025-04-03 N/A
Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this issue has been disputed in a followup post.
CVE-2005-4659 1 Ipcop 1 Ipcop 2025-04-03 N/A
IPCop (aka IPCop Firewall) before 1.4.10 has world-readable permissions for the backup.key file, which might allow local users to overwrite system configuration files and gain privileges by creating a malicious encrypted backup archive owned by "nobody", then executing ipcoprscfg to restore from this backup.
CVE-2002-0482 1 Newlog 1 Netsupport Manager 2025-04-03 N/A
Directory traversal vulnerability in PCI Netsupport Manager before version 7, when running web extensions, allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP GET request.
CVE-2005-0586 2 Mozilla, Redhat 3 Firefox, Mozilla, Enterprise Linux 2025-04-03 N/A
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content.
CVE-2002-0489 1 Linux Directory Penguin 1 Nslookup 2025-04-03 N/A
Linux Directory Penguin NsLookup CGI script (nslookup.pl) 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the (1) query or (2) type parameters.
CVE-2002-0490 1 Instant Web Mail 1 Instant Web Mail 2025-04-03 N/A
Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php.
CVE-2002-0491 1 Alguest 1 Alguest 2025-04-03 N/A
admin.php in AlGuest 1.0 guestbook checks for the existence of the admin cookie to authenticate the AlGuest administrator, which allows remote attackers to bypass the authentication and gain privileges by setting the admin cookie to an arbitrary value.
CVE-2002-1266 1 Apple 1 Mac Os X 2025-04-03 N/A
Mac OS X 10.2.2 allows local users to gain privileges by mounting a disk image file that was created on another system, aka "Local User Privilege Elevation via Disk Image File."
CVE-2002-1269 1 Apple 1 Mac Os X 2025-04-03 N/A
Unknown vulnerability in NetInfo Manager application in Mac OS X 10.2.2 allows local users to access restricted parts of a filesystem.
CVE-2005-0589 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2025-04-03 N/A
The Form Fill feature in Firefox before 1.0.1 allows remote attackers to steal potentially sensitive information via an input control that monitors the values that are generated by the autocomplete capability.
CVE-2005-4670 1 Citypost 1 Php Lnkx 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in message.php in CityPost Automated Link Exchange (LNKX) allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVE-2002-1276 2 Redhat, Squirrelmail 2 Linux, Squirrelmail 2025-04-03 N/A
An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks.
CVE-2002-0500 1 Microsoft 1 Internet Explorer 2025-04-03 N/A
Internet Explorer 5.0 through 6.0 allows remote attackers to determine the existence of files on the client via an IMG tag with a dynsrc property that references the target file, which sets certain elements of the image object such as file size.
CVE-2002-1278 1 Jacques Gelinas 1 Linuxconf 2025-04-03 N/A
The mailconf module in Linuxconf 1.24, and other versions before 1.28, on Conectiva Linux 6.0 through 8, and possibly other distributions, generates the Sendmail configuration file (sendmail.cf) in a way that configures Sendmail to run as an open mail relay, which allows remote attackers to send Spam email.