ReportizFlow
Filtered by vendor
Subscriptions
Total
29902 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-0331 | 1 Alcatech Gmbh | 1 Bpm Studio Pro | 2026-04-16 | N/A |
| Directory traversal vulnerability in the HTTP server for BPM Studio Pro 4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request. | ||||
| CVE-2000-0940 | 1 Metertek | 1 Pagelog.cgi | 2026-04-16 | N/A |
| Directory traversal vulnerability in Metertek pagelog.cgi allows remote attackers to read arbitrary files via a .. (dot dot) attack on the "name" or "display" parameter. | ||||
| CVE-2000-0950 | 1 Tis | 1 Internet Firewall Toolkit | 2026-04-16 | N/A |
| Format string vulnerability in x-gw in TIS Firewall Toolkit (FWTK) allows local users to execute arbitrary commands via a malformed display name. | ||||
| CVE-2000-0951 | 1 Microsoft | 1 Internet Information Services | 2026-04-16 | N/A |
| A misconfiguration in IIS 5.0 with Index Server enabled and the Index property set allows remote attackers to list directories in the web root via a Web Distributed Authoring and Versioning (WebDAV) search. | ||||
| CVE-2000-0957 | 1 Pam Mysql | 1 Pam Mysql | 2026-04-16 | N/A |
| The pluggable authentication module for mysql (pam_mysql) before 0.4.7 does not properly cleanse user input when constructing SQL statements, which allows attackers to obtain plaintext passwords or hashes. | ||||
| CVE-2002-0407 | 1 Lotus | 1 Domino | 2026-04-16 | N/A |
| htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message. | ||||
| CVE-2002-0429 | 2 Linux, Redhat | 2 Linux Kernel, Linux | 2026-04-16 | N/A |
| The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a a binary compatibility interface (lcall). | ||||
| CVE-2002-0431 | 1 Dave Lawrence | 1 Xtux | 2026-04-16 | N/A |
| XTux allows remote attackers to cause a denial of service (CPU consumption) via random inputs in the initial connection. | ||||
| CVE-2002-0456 | 1 Qualcomm | 1 Eudora | 2026-04-16 | N/A |
| Eudora 5.1 and earlier versions stores attachments in a directory with a fixed name, which could make it easier for attackers to exploit vulnerabilities in other software that rely on installing and reading files from directories with known pathnames. | ||||
| CVE-2002-0459 | 1 Linux-sottises | 2 Board-tnk, News-tnk | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in Board-TNK 1.3.1 and earlier allows remote attackers to execute arbitrary Javascript via the WEB parameter. | ||||
| CVE-2005-2839 | 1 Maxdev | 1 Md-pro | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro 1.0.72 allow remote attackers to inject arbitrary web script or HTML via (1) dl-search.php or (2) wl-search.php. | ||||
| CVE-2002-0501 | 1 Posadis | 1 Posadis | 2026-04-16 | N/A |
| Format string vulnerability in log_print() function of Posadis DNS server before version m5pre2 allows local users and possibly remote attackers to execute arbitrary code via format strings that are inserted into logging messages. | ||||
| CVE-2000-1001 | 1 Element N.v | 1 Element Instantshop | 2026-04-16 | N/A |
| add_2_basket.asp in Element InstantShop allows remote attackers to modify price information via the "price" hidden form variable. | ||||
| CVE-2000-1008 | 1 Palm | 1 Palm Os | 2026-04-16 | N/A |
| PalmOS 3.5.2 and earlier uses weak encryption to store the user password, which allows attackers with physical access to the Palm device to decrypt the password and gain access to the device. | ||||
| CVE-2000-1020 | 1 Alt-n | 1 Mdaemon | 2026-04-16 | N/A |
| Heap overflow in Worldclient in Mdaemon 3.1.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long URL. | ||||
| CVE-2002-0554 | 1 Ibm | 1 Informix Web Datablade | 2026-04-16 | N/A |
| webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers to bypass user access levels or read arbitrary files via a SQL injection attack in an HTTP request. | ||||
| CVE-2000-1038 | 1 Ibm | 1 As400 Firewall | 2026-04-16 | N/A |
| The web administration interface for IBM AS/400 Firewall allows remote attackers to cause a denial of service via an empty GET request. | ||||
| CVE-2005-1121 | 2 Gentoo, Igor Khasilev | 2 Linux, Oops Proxy Server | 2026-04-16 | N/A |
| Format string vulnerability in the my_xlog function in lib.c for Oops! Proxy Server 1.5.23 and earlier, as called by the auth functions in the passwd_mysql and passwd_pgsql modules, may allow attackers to execute arbitrary code via a URL. | ||||
| CVE-2000-1044 | 1 Suse | 1 Suse Linux | 2026-04-16 | N/A |
| Format string vulnerability in ypbind-mt in SuSE SuSE-6.2, and possibly other Linux operating systems, allows an attacker to gain root privileges. | ||||
| CVE-2002-0600 | 2 Kth, Luke Mewburn | 2 Kth Kerberos, Lukemftp | 2026-04-16 | N/A |
| Heap overflow in the KTH Kerberos 4 FTP client 4-1.1.1 allows remote malicious servers to execute arbitrary code on the client via a long response to a passive (PASV) mode request. | ||||