Total
345033 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-0557 | 1 Openbsd | 1 Openbsd | 2026-04-16 | N/A |
| Vulnerability in OpenBSD 3.0, when using YP with netgroups in the password database, causes (1) rexec or (2) rsh to run another user's shell, or (3) atrun to change to a different user's directory, possibly due to memory allocation failures or an incorrect call to auth_approval(). | ||||
| CVE-2002-0223 | 2 Infopop, Wired Community Software | 2 Ultimate Bulletin Board, Wwwthreads | 2026-04-16 | N/A |
| Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 through 5.0.9 allows remote attackers to upload arbitrary files by using a filename that contains an accepted extension, but ends in a different extension. | ||||
| CVE-2002-0558 | 1 Typsoft | 1 Typsoft Ftp Server | 2026-04-16 | N/A |
| Directory traversal vulnerability in TYPSoft FTP server 0.97.1 and earlier allows a remote authenticated user (possibly anonymous) to list arbitrary directories via a .. in a LIST (ls) command ending in wildcard *.* characters. | ||||
| CVE-2000-0047 | 1 Yahoo | 1 Pager | 2026-04-16 | N/A |
| Buffer overflow in Yahoo Pager/Messenger client allows remote attackers to cause a denial of service via a long URL within a message. | ||||
| CVE-2002-0559 | 1 Oracle | 4 Application Server, Application Server Web Cache, Oracle8i and 1 more | 2026-04-16 | N/A |
| Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the plsql module, (3) a long password in the HTTP Authorization, (4) a long Access Descriptor (DAD) password in the addadd form, or (5) a long cache directory name. | ||||
| CVE-2000-0056 | 1 Ipswitch | 1 Imail | 2026-04-16 | N/A |
| IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many calls to status.cgi. | ||||
| CVE-2002-0565 | 1 Oracle | 3 Application Server, Application Server Web Cache, Oracle9i | 2026-04-16 | N/A |
| Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with world-readable permissions under the web root, which allows remote attackers to obtain sensitive information derived from the JSP code, including usernames and passwords, via a direct HTTP request to _pages. | ||||
| CVE-2002-0571 | 1 Oracle | 1 Oracle9i | 2026-04-16 | N/A |
| Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax. | ||||
| CVE-2002-0581 | 1 Workforceroi | 1 Xpede | 2026-04-16 | N/A |
| WorkforceROI Xpede 4.1 allows remote attackers to execute arbitrary SQL commands and read, modify, or steal credentials from the database via the Qry parameter in the sprc.asp script. | ||||
| CVE-2001-1488 | 1 Open Projects Network | 1 Open Projects Network Ircd | 2026-04-16 | N/A |
| Open Projects Network Internet Relay Chat (IRC) daemon u2.10.05.18 does not perform a double-reverse DNS lookup, which allows remote attackers to spoof any valid hostname on the Internet. NOTE: a followup post suggests that this is not an issue in the daemon. | ||||
| CVE-2004-1770 | 1 Cpanel | 1 Cpanel | 2026-04-16 | N/A |
| The login page for cPanel 9.1.0, and possibly other versions, allows remote attackers to execute arbitrary code via shell metacharacters in the user parameter. | ||||
| CVE-2002-0608 | 1 Matu | 1 Matu Ftp | 2026-04-16 | N/A |
| Buffer overflow in Matu FTP client 1.74 allows remote FTP servers to execute arbitrary code via a long "220" banner. | ||||
| CVE-2002-0612 | 1 Craig Patchett | 1 Fileseek | 2026-04-16 | N/A |
| FileSeek.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) head or (2) foot parameters. | ||||
| CVE-2002-0619 | 1 Microsoft | 1 Office | 2026-04-16 | N/A |
| The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788). | ||||
| CVE-2006-1864 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1863. | ||||
| CVE-2000-0108 | 1 Intelligent Vending Systems | 1 Intellivend | 2026-04-16 | N/A |
| The Intellivend shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. | ||||
| CVE-2006-1919 | 1 Thomas Voecking | 1 Internet Photoshow | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in index.php in Internet Photoshow 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | ||||
| CVE-2002-0621 | 1 Microsoft | 1 Commerce Server | 2026-04-16 | N/A |
| Buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer. | ||||
| CVE-2002-0627 | 1 Polycom | 8 Viewstation 128, Viewstation 512, Viewstation Dcp and 5 more | 2026-04-16 | N/A |
| The Web server for Polycom ViewStation before 7.2.4 allows remote attackers to bypass authentication and read files via Unicode encoded requests. | ||||
| CVE-2006-2896 | 1 Funkboard | 1 Funkboard | 2026-04-16 | N/A |
| profile.php in FunkBoard CF0.71 allows remote attackers to change arbitrary passwords via a modified uid hidden form field in an Edit Profile action. | ||||