Filtered by NVD-CWE-Other
Total 29947 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2004-2221 1 Mercantec 1 Softcart 2026-04-16 N/A
Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b allows remote attackers to execute arbitrary code via a long parameter in an HTTP GET request.
CVE-2002-0523 1 Asp-nuke 1 Asp-nuke 2026-04-16 N/A
ASP-Nuke RC2 and earlier allows remote attackers to list all logged-in users by submitting an invalid "pseudo" cookie.
CVE-2001-0834 5 Conectiva, Debian, Htdig and 2 more 5 Linux, Debian Linux, Htdig and 2 more 2026-04-16 N/A
htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.
CVE-2004-0944 1 Mitel 1 Mitel 3300 Integrated Communication Platform 2026-04-16 N/A
The web management interface for Mitel 3300 Integrated Communications Platform (ICP) before 4.2.2.11 generates easily predictable web session IDs, which allows remote attackers to hijack other sessions via the parentsessionid cookie.
CVE-2004-2290 1 Microsoft 1 Windows Xp 2026-04-16 N/A
Microsoft Windows XP Explorer allows attackers to execute arbitrary code via a HTML and script in a self-executing folder that references an executable file within the folder, which is automatically executed when a user accesses the folder.
CVE-2004-0831 1 Mcafee 1 Virusscan 2026-04-16 N/A
McAfee VirusScan 4.5.1 does not drop SYSTEM privileges before allowing users to browse for files via the "System Scan" properties of the System Tray applet, which could allow local users to gain privileges.
CVE-2002-0676 1 Apple 1 Mac Os X 2026-04-16 N/A
SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates.
CVE-2004-2304 1 Cerulean Studios 2 Trillian, Trillian Pro 2026-04-16 N/A
Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow.
CVE-2004-2313 1 Inter7 1 Sqwebmail 2026-04-16 N/A
Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as root), which allows remote attackers to guess the root password via brute force attacks.
CVE-2002-0555 1 Ibm 1 Informix Web Datablade 2026-04-16 N/A
IBM Informix Web DataBlade 4.12 unescapes user input even if an application has escaped it, which could allow remote attackers to execute SQL code in a web form even when the developer has attempted to escape it.
CVE-2002-0557 1 Openbsd 1 Openbsd 2026-04-16 N/A
Vulnerability in OpenBSD 3.0, when using YP with netgroups in the password database, causes (1) rexec or (2) rsh to run another user's shell, or (3) atrun to change to a different user's directory, possibly due to memory allocation failures or an incorrect call to auth_approval().
CVE-2001-0871 2 Alchemy Lab, Dek Software 2 Alchemy Eye, Alchemy Network Monitor 2026-04-16 N/A
Directory traversal vulnerability in HTTP server for Alchemy Eye and Alchemy Network Monitor allows remote attackers to execute arbitrary commands via an HTTP request containing (1) a .. in versions 2.0 through 2.6.18, or (2) a DOS device name followed by a .. in versions 2.6.19 through 3.0.10.
CVE-2002-0882 1 Cisco 2 Skinny Client Control Protocol Software, Voip Phone Cp-7940 2026-04-16 N/A
The web server for Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allows remote attackers to cause a denial of service (reset) and possibly read sensitive memory via a large integer value in (1) the stream ID of the StreamingStatistics script, or (2) the port ID of the PortInformation script.
CVE-2001-0888 3 Atmel, Linksys, Netgear 3 Firmware, Wap11, Me102 2026-04-16 N/A
Atmel Firmware 1.3 Wireless Access Point (WAP) allows remote attackers to cause a denial of service via a SNMP request with (1) a community string other than "public" or (2) an unknown OID, which causes the WAP to deny subsequent SNMP requests.
CVE-2002-0919 1 Cgiscript.net 1 Cspassword 2026-04-16 N/A
CGIScript.net csPassword.cgi allows remote authenticated users to modify the .htaccess file and gain privileges via newlines in the title field of the edit page.
CVE-2002-0580 1 Workforceroi 1 Xpede 2026-04-16 N/A
WorkforceROI Xpede 4.1 allows remote attackers to obtain the database username via a request to datasource.asp, which leaks the username in a form and allows the attacker to more easily conduct brute force password guessing attacks.
CVE-2002-0944 1 Deepmetrix 1 Livestats 2026-04-16 N/A
Cross-site scripting vulnerability in DeepMetrix LiveStats 5.03 through 6.2.1 allows remote attackers to execute arbitrary script as the LiveStats user via the (1) user-agent or (2) referrer, which are not filtered by the stats program.
CVE-2002-0952 1 Cisco 1 Optical Networking Systems Software 2026-04-16 N/A
Cisco ONS15454 optical transport platform running ONS 3.1.0 to 3.2.0 allows remote attackers to cause a denial of service (reset) by sending IP packets with non-zero Type of Service (TOS) bits to the Timing Control Card (TCC) LAN interface.
CVE-2002-0590 1 Icredibb 1 Icredibb 2026-04-16 N/A
Cross-site scripting (CSS) vulnerability in IcrediBB 1.1 Beta allows remote attackers to execute arbitrary script and steal cookies as other IcrediBB users via the (1) title or (2) body of posts.
CVE-2002-1014 1 Realnetworks 3 Realjukebox 2, Realjukebox 2 Plus, Realone Player 2026-04-16 N/A
Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary code via an RFS skin file whose skin.ini contains a long value in a CONTROLnImage argument, such as CONTROL1Image.