Total
29923 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2001-1278 | 1 Zope | 1 Zope | 2026-04-16 | N/A |
| Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags. | ||||
| CVE-2002-2163 | 1 Killervault | 1 Kvpoll | 2026-04-16 | N/A |
| KvPoll 1.1 allows remote authenticated users to vote more than once by setting the "already_voted" cookie by various methods, including a direct call to clear_cookies.php. | ||||
| CVE-2006-3854 | 1 Ibm | 1 Informix Dynamic Database Server | 2026-04-16 | N/A |
| Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC7, 9.40.TC8, 10.00.TC4, and 10.00.TC5, when running on Windows, allows remote attackers to execute arbitrary code via a long username, which causes an overflow in vsprintf when displaying in the resulting error message. NOTE: this issue is due to an incomplete fix for CVE-2006-3853. | ||||
| CVE-2002-2173 | 1 Cerulean Studios | 1 Trillian | 2026-04-16 | N/A |
| Buffer overflow in the IRC module of Trillian 0.725 and 0.73 allowing remote attackers to execute arbitrary code via a long DCC Chat message. | ||||
| CVE-2006-3858 | 1 Ibm | 1 Informix Dynamic Server | 2026-04-16 | N/A |
| IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before 10.00.xC4 stores passwords in plaintext in shared memory, which allows local users to obtain passwords by reading the memory (product defects 171893, 171894, 173772). | ||||
| CVE-2002-2176 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| SQL injection vulnerability in Gender MOD 1.1.3 allows remote attackers to gain administrative access via the user_level parameter in the User Profile page. | ||||
| CVE-2006-3861 | 1 Ibm | 1 Informix Dynamic Server | 2026-04-16 | N/A |
| IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 does not use database creation permissions, which allows remote authenticated users to create arbitrary databases. | ||||
| CVE-2002-2183 | 1 Phpshare | 1 Phpshare | 2026-04-16 | N/A |
| phpShare.php in phpShare before 0.6 beta 3 allows remote attackers to include and execute arbitrary PHP scripts from remote servers. | ||||
| CVE-2006-3938 | 1 Dotclear | 1 Dotclear | 2026-04-16 | N/A |
| DotClear allows remote attackers to obtain sensitive information via a direct request for (1) edit_cat.php, (2) index.php, (3) edit_link.php in ecrire/tools/blogroll/; (4) syslog/index.php, (5) thememng/index.php, (6) toolsmng/index.php, (7) utf8convert/index.php in /ecrire/tools/; (8) /ecrire/inc/connexion.php and (9) /inc/session.php; (10) class.blog.php, (11) class.blogcomment.php, (12) and class.blogpost.php in /inc/classes/; (13) append.php, (14) class.xblog.php, (15) class.xblogcomment.php, and (16) class.xblogpost.php in /layout/; (17) form.php, (18) list.php, (19) post.php, or (20) template.php in /themes/default/, which reveal the installation path in error messages. | ||||
| CVE-2002-2186 | 1 Macromedia | 1 Jrun | 2026-04-16 | N/A |
| Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view the source code of .JSP files via Unicode encoded character values in a URL. | ||||
| CVE-2002-2190 | 1 Artscore Studios | 1 Cutecast Forum | 2026-04-16 | N/A |
| ArtsCore Studios CuteCast Forum 1.2 stores passwords in plaintext under the web document root, which allows remote attackers to obtain the passwords via an HTTP request to a .user file. | ||||
| CVE-2001-1301 | 2 Gnu, Xemacs | 2 Emacs, Xemacs | 2026-04-16 | N/A |
| rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file. | ||||
| CVE-2002-2198 | 1 Zmailer | 1 Zmailer | 2026-04-16 | N/A |
| Buffer overflow in ZMailer before 2.99.51_1 allows remote attackers to execute arbitrary code during HELO processing from an IPv6 address, possibly using an address that resolves to a long hostname. | ||||
| CVE-2002-2201 | 1 Webmin | 1 Webmin | 2026-04-16 | N/A |
| The Printer Administration module for Webmin 0.990 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the printer name. | ||||
| CVE-2002-2204 | 1 Redhat | 1 Redhat Package Manager | 2026-04-16 | N/A |
| The default --checksig setting in RPM Package Manager 4.0.4 checks that a package's signature is valid without listing who signed it, which can allow remote attackers to make it appear that a malicious package comes from a trusted source. | ||||
| CVE-2002-2210 | 1 Openoffice | 1 Openoffice | 2026-04-16 | N/A |
| The installation of OpenOffice 1.0.1 allows local users to overwrite files and possibly gain privileges via a symlink attack on the USERNAME_autoresponse.conf temporary file. | ||||
| CVE-2002-2213 | 2 Infoblox, Isc | 2 Dns One, Bind | 2026-04-16 | N/A |
| The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods. | ||||
| CVE-2002-2217 | 1 Comscripts | 1 Web Server Creator | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Web Server Creator - Web Portal (WSC-WebPortal) 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) l parameter to customize.php or the (2) pg parameter to index.php. | ||||
| CVE-2006-3959 | 1 X-scripts | 1 X-statistics | 2026-04-16 | N/A |
| SQL injection vulnerability in protect.php in X-Scripts X-Protection 1.10, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameter. | ||||
| CVE-2002-2219 | 1 Chetcpasswd | 1 Chetcpasswd | 2026-04-16 | N/A |
| chetcpasswd.cgi in Pedro Lineu Orso chetcpasswd before 2.1 allows remote attackers to read the last line of the shadow file via a long user (userid) field. | ||||