Filtered by NVD-CWE-Other
Total 29947 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2002-0216 1 Xoops 1 Xoops 2026-04-16 N/A
userinfo.php in XOOPS 1.0 RC1 allows remote attackers to obtain sensitive information via a SQL injection attack in the "uid" parameter.
CVE-2002-1201 1 Ibm 1 Aix 2026-04-16 N/A
IBM AIX 4.3.3 and AIX 5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a flood of malformed TCP packets without any flags set, which prevents AIX from releasing the associated memory buffers.
CVE-2002-0214 1 Intel 1 Intel Pro Wireless 2011b Lan Usb Device Driver 2026-04-16 N/A
Compaq Intel PRO/Wireless 2011B LAN USB Device Driver 1.5.16.0 through 1.5.18.0 stores the 128-bit WEP (Wired Equivalent Privacy) key in plaintext in a registry key with weak permissions, which allows local users to decrypt network traffic by reading the WEP key from the registry key.
CVE-2002-1198 1 Mozilla 1 Bugzilla 2026-04-16 N/A
Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes from an email address during account creation, which allows remote attackers to execute arbitrary SQL via a SQL injection attack.
CVE-2003-0979 1 Freescripts 1 Visitorbook 2026-04-16 N/A
FreeScripts VisitorBook LE (visitorbook.pl) does not properly escape line breaks in input, which allows remote attackers to (1) use VisitorBook as an open mail relay, when $mailuser is 1, via extra headers in the email field, or (2) cause the guestbook database to be deleted via a large number of line breaks that exceeds the $max_posts variable.
CVE-2003-0978 1 Gnu 1 Privacy Guard 2026-04-16 N/A
Format string vulnerability in gpgkeys_hkp (experimental HKP interface) for the GnuPG (gpg) client 1.2.3 and earlier, and 1.3.3 and earlier, allows remote attackers or a malicious keyserver to cause a denial of service (crash) and possibly execute arbitrary code during key retrieval.
CVE-2002-1185 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure."
CVE-2003-0977 3 Cvs, Redhat, Slackware 4 Cvs, Enterprise Linux, Linux and 1 more 2026-04-16 N/A
CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.
CVE-2002-1182 1 Microsoft 1 Internet Information Services 2026-04-16 N/A
IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned.
CVE-2002-0193 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability.
CVE-2006-2674 1 Tamber Forum 1 Tamber Forum 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Tamber Forum 1.9.13 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) frm_id parameter to (a) show_forum.asp, (2) a search field to (b) forum_search.asp, (3) Email address or (4) Password to (c) admin/index.asp, (5) frm_cat_id parameter to (d) browse_forum_cat.asp, or (6) Message Subject or (7) Message Text field to (e) post_message.asp.
CVE-2006-2672 1 Interquest Internet Services 1 Realty Pro One 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Realty Pro One allow remote attackers to inject arbitrary web script or HTML via the (1) listingid parameter to (a) images.php, (b) index_other.php, or (c) request_info.php; (2) propertyid parameter to (d) searchlookup.php, (3) id parameter to (e) images.php, or (4) agentid parameter to (f) request_info.php. NOTE: some of these issues might be resultant from SQL injection.
CVE-2006-2671 1 Calendarscripts.com 1 Chatpat 2026-04-16 N/A
SQL injection vulnerability in ChatPat 1.0 allows remote attackers to execute arbitrary SQL commands via the nickname field.
CVE-2002-0190 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code under fewer security restrictions via a malformed web page that requires NetBIOS connectivity, aka "Zone Spoofing through Malformed Web Page" vulnerability.
CVE-2006-2667 1 Wordpress 1 Wordpress 2026-04-16 N/A
Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2) wp-content/cache/users/ which are later included by cache.php, as demonstrated using the displayname argument.
CVE-2006-2664 1 Ifdate.com 1 Ifdate 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in iFdate 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) password fields, or certain other input text boxes.
CVE-2002-1145 1 Microsoft 2 Data Engine, Sql Server 2026-04-16 N/A
The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.
CVE-2006-2653 1 D-link 1 Dsa-3100 Airspot Gateway 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter.
CVE-2002-1143 1 Microsoft 2 Excel, Word 2026-04-16 N/A
Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure."
CVE-2006-2644 1 Awstats 1 Awstats 2026-04-16 N/A
AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive.