Total
29925 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2001-0889 | 2 Redhat, University Of Cambridge | 3 Linux, Powertools, Exim | 2026-04-16 | N/A |
| Exim 3.22 and earlier, in some configurations, does not properly verify the local part of an address when redirecting the address to a pipe, which could allow remote attackers to execute arbitrary commands via shell metacharacters. | ||||
| CVE-2001-0890 | 2 Redhat, Sane | 3 Linux, Powertools, Sane | 2026-04-16 | N/A |
| Certain backend drivers in the SANE library 1.0.3 and earlier, as used in frontend software such as XSane, allows local users to modify files via a symlink attack on temporary files. | ||||
| CVE-2004-2344 | 1 Vocaltec | 2 Vgw120 Telephony Gateway, Vgw480 Telephony Gateway | 2026-04-16 | N/A |
| Unknown vulnerability in the ASN.1/H.323/H.225 stack of VocalTec VGW120 and VGW480 allows remote attackers to cause a denial of service. | ||||
| CVE-2002-0572 | 3 Freebsd, Openbsd, Sun | 4 Freebsd, Openbsd, Solaris and 1 more | 2026-04-16 | N/A |
| FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to perform I/O on normal files. | ||||
| CVE-2002-0579 | 1 Workforceroi | 1 Xpede | 2026-04-16 | N/A |
| WorkforceROI Xpede 4.1 allows remote attackers to gain privileges as an Xpede administrator via a direct HTTP request to the /admin/adminproc.asp script, which does not prompt for a password. | ||||
| CVE-2001-0949 | 1 Valicert | 1 Enterprise Validation Authority | 2026-04-16 | N/A |
| Buffer overflows in forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 allows remote attackers to execute arbitrary code via long arguments to the parameters (1) Mode, (2) Certificate_File, (3) useExpiredCRLs, (4) listenLength, (5) maxThread, (6) maxConnPerSite, (7) maxMsgLen, (8) exitTime, (9) blockTime, (10) nextUpdatePeriod, (11) buildLocal, (12) maxOCSPValidityPeriod, (13) extension, and (14) a particular combination of parameters associated with private key generation that form a string of a certain length. | ||||
| CVE-2002-0580 | 1 Workforceroi | 1 Xpede | 2026-04-16 | N/A |
| WorkforceROI Xpede 4.1 allows remote attackers to obtain the database username via a request to datasource.asp, which leaks the username in a form and allows the attacker to more easily conduct brute force password guessing attacks. | ||||
| CVE-2002-0941 | 1 Ncipher | 2 Nforce, Nshield | 2026-04-16 | N/A |
| The ConsoleCallBack class for nCipher running under JRE 1.4.0 and 1.4.0_01, as used by the TrustedCodeTool and possibly other applications, may leak a passphrase when the user aborts an application that is prompting for the passphrase, which could allow attackers to gain privileges. | ||||
| CVE-2002-0944 | 1 Deepmetrix | 1 Livestats | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in DeepMetrix LiveStats 5.03 through 6.2.1 allows remote attackers to execute arbitrary script as the LiveStats user via the (1) user-agent or (2) referrer, which are not filtered by the stats program. | ||||
| CVE-2002-0949 | 1 Telindus | 1 Adsl Router | 2026-04-16 | N/A |
| Telindus 1100 series ADSL router allows remote attackers to gain privileges to the device via a certain packet to UDP port 9833, which generates a reply that includes the router's password and other sensitive information in cleartext. | ||||
| CVE-2002-0584 | 1 Workforceroi | 1 Xpede | 2026-04-16 | N/A |
| WorkforceROI Xpede 4.1 allows remote attackers to read user timesheets by modifying the TSN ID parameter to the ts_app_process.asp script, which is easily guessable because it is incremented by 1 for each new timesheet. | ||||
| CVE-2004-2362 | 1 Phpx | 1 Phpx | 2026-04-16 | N/A |
| PHPX 3.2.6 and earlier allows remote attackers to obtain the physical path of PHPX via a null or invalid value in the limit parameter, which leaks the pathname in a database error message, as demonstrated using forums.php. | ||||
| CVE-2002-0960 | 1 Voxel | 1 Cbms | 2026-04-16 | N/A |
| Multiple cross-site scripting vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allows remote attackers to execute arbitrary script as other CBMS users. | ||||
| CVE-2002-0591 | 1 Aol | 1 Instant Messenger | 2026-04-16 | N/A |
| Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8 beta and earlier allows remote attackers to create arbitrary files and execute commands via a Direct Connection with an IMG tag with a SRC attribute that specifies the target filename. | ||||
| CVE-2002-0592 | 1 Aol | 1 Instant Messenger | 2026-04-16 | N/A |
| AOL Instant Messenger (AIM) allows remote attackers to steal files that are being transferred to other clients by connecting to port 4443 (Direct Connection) or port 5190 (file transfer) before the intended user. | ||||
| CVE-2004-2367 | 1 Texas Imperial Software | 2 Wftpd, Wftpd Pro | 2026-04-16 | N/A |
| The Control Panel applet in WFTPD and WFTPD Pro 3.21 R1 and R2 allows remote authenticated users to cause a denial of service (crash) via a long FTP command. | ||||
| CVE-2002-1054 | 1 Pablo Software Solutions | 1 Pablo Ftp Server | 2026-04-16 | N/A |
| Directory traversal vulnerability in Pablo FTP server 1.0 build 9 and earlier allows remote authenticated users to list arbitrary directories via "..\" (dot-dot backslash) sequences in a LIST command. | ||||
| CVE-2002-1069 | 1 D-link | 1 Di-804 | 2026-04-16 | N/A |
| The remote administration capability for the D-Link DI-804 router 4.68 allows remote attackers to bypass authentication and release DHCP addresses or obtain sensitive information via a direct web request to the pages (1) release.htm, (2) Device Status, or (3) Device Information. | ||||
| CVE-2004-2390 | 1 Jabberstudio | 1 Jabber Gadu-gadu Transport | 2026-04-16 | N/A |
| The roster import functionality in Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x before 2.0.8, when using libgadu 1.0 and later, allows attackers to cause a denial of service via unknown vectors. | ||||
| CVE-2002-1098 | 1 Cisco | 2 Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client | 2026-04-16 | N/A |
| Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an "HTTPS on Public Inbound (XML-Auto)(forward/in)" rule but sets the protocol to "ANY" when the XML filter configuration is enabled, which ultimately allows arbitrary traffic to pass through the concentrator. | ||||