Total
345026 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-0534 | 1 Postboard | 1 Postboard | 2026-04-16 | N/A |
| PostBoard 2.0.1 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags. | ||||
| CVE-1999-1585 | 1 Sun | 1 Sunos | 2026-04-16 | N/A |
| The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly before 2.4, start a privileged shell on the system console if fsck fails while the system is booting, which allows attackers with physical access to gain root privileges. | ||||
| CVE-2002-0535 | 2 Postboard, Postnuke Software Foundation | 2 Postboard, Postnuke | 2026-04-16 | N/A |
| Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier allows remote attackers to execute script as other users via (1) an [IMG] tag when BBCode is enabled, or (2) in a topic title. | ||||
| CVE-2002-0536 | 1 Phpgroupware | 1 Phpgroupware | 2026-04-16 | N/A |
| PHPGroupware 0.9.12 and earlier, when running with the magic_quotes_gpc feature disabled, allows remote attackers to compromise the database via a SQL injection attack. | ||||
| CVE-2002-0537 | 1 Stepweb | 1 Sws | 2026-04-16 | N/A |
| The admin.html file in StepWeb Search Engine (SWS) 2.5 stores passwords in links to manager.pl, which allows remote attackers who can access the admin.html file to gain administrative privileges to SWS. | ||||
| CVE-2002-0539 | 1 Demarc Security | 1 Puresecure | 2026-04-16 | N/A |
| Demarc PureSecure 1.05 allows remote attackers to gain administrative privileges via a SQL injection attack in a session ID that is stored in the s_key cookie. | ||||
| CVE-2006-3076 | 1 Phpbluedragon | 1 Phpbluedragon Cms | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in software_upload/public_includes/pub_templates/vphptree/template.php in PhpBlueDragon CMS 2.9.1 allows remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter. | ||||
| CVE-2006-3640 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-04-16 | N/A |
| Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Disclosure Vulnerability." | ||||
| CVE-2006-4043 | 1 Mywebland | 1 Mybloggie | 2026-04-16 | N/A |
| index.php in myWebland myBloggie 2.1.4 and earlier allows remote attackers to obtain sensitive information via a query that only specifies the viewdate mode, which reveals the table prefix in a SQL error message. | ||||
| CVE-2002-0543 | 1 Aprelium Technologies | 1 Abyss Web Server | 2026-04-16 | N/A |
| Directory traversal vulnerability in Aprelium Abyss Web Server (abyssws) before 1.0.0.2 allows remote attackers to read files outside the web root, including the abyss.conf file, via URL-encoded .. (dot dot) sequences in the HTTP request. | ||||
| CVE-2006-4047 | 1 Netious Cms | 1 Netious Cms | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in Netious CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2002-0552 | 1 Melange | 1 Melange Chat System | 2026-04-16 | N/A |
| Multiple buffer overflows in Melange Chat server 2.02 allow remote or local attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long argument in the /yell command, (2) long lines in the /etc/melange.conf configuration file, (3) long file names, or possibly other attacks. | ||||
| CVE-2002-0553 | 1 Turnkey Solutions | 1 Sunshop Shopping Cart | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in SunShop 2.5 and earlier allows remote attackers to gain administrative privileges to SunShop by injecting the script into fields during new customer registration. | ||||
| CVE-2002-0557 | 1 Openbsd | 1 Openbsd | 2026-04-16 | N/A |
| Vulnerability in OpenBSD 3.0, when using YP with netgroups in the password database, causes (1) rexec or (2) rsh to run another user's shell, or (3) atrun to change to a different user's directory, possibly due to memory allocation failures or an incorrect call to auth_approval(). | ||||
| CVE-2002-0223 | 2 Infopop, Wired Community Software | 2 Ultimate Bulletin Board, Wwwthreads | 2026-04-16 | N/A |
| Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 through 5.0.9 allows remote attackers to upload arbitrary files by using a filename that contains an accepted extension, but ends in a different extension. | ||||
| CVE-2002-0558 | 1 Typsoft | 1 Typsoft Ftp Server | 2026-04-16 | N/A |
| Directory traversal vulnerability in TYPSoft FTP server 0.97.1 and earlier allows a remote authenticated user (possibly anonymous) to list arbitrary directories via a .. in a LIST (ls) command ending in wildcard *.* characters. | ||||
| CVE-2000-0047 | 1 Yahoo | 1 Pager | 2026-04-16 | N/A |
| Buffer overflow in Yahoo Pager/Messenger client allows remote attackers to cause a denial of service via a long URL within a message. | ||||
| CVE-2002-0559 | 1 Oracle | 4 Application Server, Application Server Web Cache, Oracle8i and 1 more | 2026-04-16 | N/A |
| Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the plsql module, (3) a long password in the HTTP Authorization, (4) a long Access Descriptor (DAD) password in the addadd form, or (5) a long cache directory name. | ||||
| CVE-2000-0056 | 1 Ipswitch | 1 Imail | 2026-04-16 | N/A |
| IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many calls to status.cgi. | ||||
| CVE-2002-0565 | 1 Oracle | 3 Application Server, Application Server Web Cache, Oracle9i | 2026-04-16 | N/A |
| Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with world-readable permissions under the web root, which allows remote attackers to obtain sensitive information derived from the JSP code, including usernames and passwords, via a direct HTTP request to _pages. | ||||