Filtered by NVD-CWE-Other
Total 29947 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2002-0466 1 Hosting Controller 1 Hosting Controller 2026-04-16 N/A
Hosting Controller 1.4.1 and earlier allows remote attackers to browse arbitrary directories via a full C: style pathname in the filepath arguments to (1) Statsbrowse.asp, (2) servubrowse.asp, (3) browsedisk.asp, (4) browsewebalizerexe.asp, or (5) sqlbrowse.asp.
CVE-2003-0043 1 Apache 1 Tomcat 2026-04-16 N/A
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file.
CVE-2002-0470 1 Phpnettoolpack 1 Phpnettoolpack 2026-04-16 N/A
PHPNetToolpack 0.1 relies on its environment's PATH to find and execute the traceroute program, which could allow local users to gain privileges by inserting a Trojan horse program into the search path.
CVE-2003-0044 1 Apache 1 Tomcat 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML.
CVE-2003-0049 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows administrators to log in as other users by using the administrator password.
CVE-2005-1521 1 Gnu 1 Mailutils 2026-04-16 N/A
Integer overflow in the fetch_io function of the imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a partial message request with a large value in the END parameter, which leads to a heap-based buffer overflow.
CVE-2002-0482 1 Newlog 1 Netsupport Manager 2026-04-16 N/A
Directory traversal vulnerability in PCI Netsupport Manager before version 7, when running web extensions, allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP GET request.
CVE-2003-0053 1 Apple 2 Darwin Streaming Server, Quicktime Streaming Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to insert arbitrary script via the filename parameter, which is inserted into an error message.
CVE-2002-0484 1 Php 1 Php 2026-04-16 N/A
move_uploaded_file in PHP does not does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system.
CVE-2005-3215 1 Mcafee 1 Antivirus Engine 2026-04-16 N/A
Multiple interpretation error in unspecified versions of McAfee Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
CVE-2002-0486 1 Workforceroi 1 Xpede 2026-04-16 N/A
Intellisol Xpede 4.1 uses weak encryption to store authentication information in cookies, which could allow local users with access to the cookies to gain privileges.
CVE-2002-0491 1 Alguest 1 Alguest 2026-04-16 N/A
admin.php in AlGuest 1.0 guestbook checks for the existence of the admin cookie to authenticate the AlGuest administrator, which allows remote attackers to bypass the authentication and gain privileges by setting the admin cookie to an arbitrary value.
CVE-2002-0492 1 Dcscripts 1 Dcshop 2026-04-16 N/A
dcshop.cgi in DCShop 1.002 Beta allows remote attackers to delete arbitrary setup files via a null character in the database parameter.
CVE-2002-0496 1 Southwest 1 Southwest 2026-04-16 N/A
The HTTP server for SouthWest Talker server 1.0.0 allows remote attackers to cause a denial of service (server crash) via a malformed URL to port 5002.
CVE-2003-0054 1 Apple 2 Darwin Streaming Server, Quicktime Streaming Server 2026-04-16 N/A
Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute certain code via a request to port 7070 with the script in an argument to the rtsp DESCRIBE method, which is inserted into a log file and executed when the log is viewed using a browser.
CVE-2005-1579 1 Apple 1 Quicktime 2026-04-16 N/A
Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to obtain sensitive information via a .mov file with a Quartz Composer composition (.qtz) file that uses certain patches to read local information, then other patches to send the information to the attacker.
CVE-2002-0497 1 Mtr 1 Mtr 2026-04-16 N/A
Buffer overflow in mtr 0.46 and earlier, when installed setuid root, allows local users to access a raw socket via a long MTR_OPTIONS environment variable.
CVE-2005-1584 1 Open Solution 1 Quick.forum 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php for Quick.Forum 2.1.6 allows remote attackers to inject arbitrary web script or HTML via the topic field in a NewTopic action.
CVE-2002-0502 1 Citrix 1 Nfuse 2026-04-16 N/A
Citrix NFuse 1.6 may allow remote attackers to list applications without authentication by accessing the applist.asp page.
CVE-2002-0505 1 Cisco 1 Call Manager 2026-04-16 N/A
Memory leak in the Call Telephony Integration (CTI) Framework authentication for Cisco CallManager 3.0 and 3.1 before 3.1(3) allows remote attackers to cause a denial of service (crash and reload) via a series of authentication failures, e.g. via incorrect passwords.