Total
29926 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-2438 | 1 Php Fusion | 1 Php Fusion | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in PHP-Fusion 4.01 allows remote attackers to inject arbitrary web script or HTML via the (1) Submit News, (2) Submit Link or (3) Submit Article field. | ||||
| CVE-2002-0681 | 1 Goahead Software | 1 Goahead Webserver | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows remote attackers to execute script as other web users via script in a URL that generates a "404 not found" message, which does not quote the script. | ||||
| CVE-2002-1781 | 1 Delegate | 1 Delegate | 2026-04-16 | N/A |
| Multiple buffer overflows in DeleGate 7.7.0 through 7.8.1 allow remote attackers to execute arbitrary code, as demonstrated using a long USER command to the POP proxy. | ||||
| CVE-2002-0683 | 1 Pacific Software | 1 Carello | 2026-04-16 | N/A |
| Directory traversal vulnerability in Carello 1.3 allows remote attackers to execute programs on the server via a .. (dot dot) in the VBEXE parameter. | ||||
| CVE-2001-1553 | 1 University Of California | 1 Seti At Home | 2026-04-16 | N/A |
| Buffer overflow in setiathome for SETI@home 3.03, if installed setuid, could allow local users to execute arbitrary code via long command line options (1) socks_server, (2) socks_user, and (3) socks_passwd. NOTE: since the default configuration of setiathome is not setuid, perhaps this issue should not be included in CVE. | ||||
| CVE-2001-1555 | 1 Sun | 2 Solaris, Sunos | 2026-04-16 | N/A |
| pt_chmod in Solaris 8 does not call fdetach to reset terminal privileges when users log out of terminals, which allows local users to write to other users' terminals by modifying the ACL of a TTY. | ||||
| CVE-2002-0399 | 2 Gnu, Redhat | 3 Tar, Enterprise Linux, Linux | 2026-04-16 | N/A |
| Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267. | ||||
| CVE-2002-1822 | 1 Ibm | 1 Http Server | 2026-04-16 | N/A |
| IBM HTTP Server 1.0 on AS/400 allows remote attackers to obtain the path to the web root directory and other sensitive information, which is leaked in an error mesage when a request is made for a non-existent Java Server Page (JSP). | ||||
| CVE-2001-1560 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2026-04-16 | N/A |
| Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and XP allows local users to cause a denial of service (system crash) by calling the ShowWindow function after receiving a WM_NCCREATE message. | ||||
| CVE-2002-1837 | 1 Ids | 1 Ids | 2026-04-16 | N/A |
| The getAlbumToDisplay function in idsShared.pm for Image Display System (IDS) 0.81 allows remote attackers to determine the existence of arbitrary directories via ".." sequences in the album parameter, which generates different error messages depending on whether the directory exists or not. | ||||
| CVE-2004-2442 | 1 F-secure | 5 F-secure Anti-virus, F-secure For Firewalls, F-secure Internet Security and 2 more | 2026-04-16 | N/A |
| Multiple interpretation error in various F-Secure Anti-Virus products, including Workstation 5.43 and earlier, Windows Servers 5.50 and earlier, MIMEsweeper 5.50 and earlier, Anti-Virus for Linux Servers and Gateways 4.61 and earlier, and other products, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on the target system. | ||||
| CVE-2001-1562 | 1 Bsd | 1 Nvi | 2026-04-16 | N/A |
| Format string vulnerability in nvi before 1.79 allows local users to gain privileges via format string specifiers in a filename. | ||||
| CVE-2002-1847 | 1 Microsoft | 1 Windows Media Player | 2026-04-16 | N/A |
| Buffer overflow in mplay32.exe of Microsoft Windows Media Player (WMP) 6.3 through 7.1 allows remote attackers to execute arbitrary commands via a long mp3 filename command line argument. NOTE: since the only known attack vector requires command line access, this may not be a vulnerability. | ||||
| CVE-2001-1569 | 1 Cmg | 1 Openwave Wap Gateway | 2026-04-16 | N/A |
| Openwave WAP gateway does not verify the fully qualified domain name URL with X.509 certificates from root certificate authorities, which allows remote attackers to spoof SSL certificates via a man-in-the-middle attack. | ||||
| CVE-2004-1219 | 1 Php Arena | 1 Pafiledb | 2026-04-16 | N/A |
| paFileDB 3.1, when using sessions authentication and while the administrator logs on, allows remote attackers to read the administrator's password hash and conduct brute force password guessing attacks by listing the contents of the sessions directory and reading the associated file for the administrator session. | ||||
| CVE-2004-0316 | 1 Avirt | 1 Avirt Soho | 2026-04-16 | N/A |
| Buffer overflow in Avirt Soho 4.3 allows remote attackers to cause a denial of service (crash) via (1) a large GET request to port 1080 or (2) a large GET request of % characters to port 8080. | ||||
| CVE-2004-2450 | 1 Gamespy | 4 Roger Wilco, Roger Wilco Dedicated Server, Roger Wilco Graphical Server and 1 more | 2026-04-16 | N/A |
| The client and server for Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 0.30a and earlier report sensitive information such as IDs and source IP addresses, which allows remote attackers to obtain sensitive information. | ||||
| CVE-2001-1570 | 1 Microsoft | 1 Windows Xp | 2026-04-16 | N/A |
| Windows XP with fast user switching and account lockout enabled allows local users to deny user account access by setting the fast user switch to the same user (self) multiple times, which causes other accounts to be locked out. | ||||
| CVE-2004-2453 | 1 Tutti Nova | 1 Tutti Nova | 2026-04-16 | N/A |
| Unknown vulnerability in Tutti Nova 0.10 through 0.12 (Beta) and 0.9.4, when register_globals is enabled, has unknown impact and attack vectors. | ||||
| CVE-2001-1581 | 1 Clearswift Limited | 1 Mailsweeper | 2026-04-16 | N/A |
| The File Blocker feature in Clearswift MAILsweeper for SMTP 4.2 allows remote attackers to bypass e-mail attachment filtering policies via a modified name in a Content-Type header. | ||||