ReportizFlow
Filtered by vendor
Subscriptions
Total
29907 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2003-1287 | 1 Sambar | 1 Sambar Server | 2026-04-16 | N/A |
| Sambar Server before 6.0 beta 3 allows attackers with physical access to execute arbitrary code via a request with an MS-DOS device name such as com1.pl, con.pl, or aux.pl, which causes Perl to read the code from the associated device. | ||||
| CVE-2003-1307 | 1 Apache | 1 Http Server | 2026-04-16 | N/A |
| The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP. | ||||
| CVE-2003-1318 | 1 Twilight Utilities | 1 Twilight Webserver | 2026-04-16 | N/A |
| Twilight Webserver 1.3.3.0 allows remote attackers to cause a denial of service (application crash) via a GET request for a long URI, a different vulnerability than CVE-2004-2376. | ||||
| CVE-2002-1270 | 1 Apple | 1 Mac Os X | 2026-04-16 | N/A |
| Mac OS X 10.2.2 allows local users to read files that only allow write access via the map_fd() Mach system call. | ||||
| CVE-2005-2614 | 1 Crosscom Olicom | 1 Discuz | 2026-04-16 | N/A |
| Discuz! 4.0 rc4 does not properly restrict types of files that are uploaded to the server, which allows remote attackers to execute arbitrary commands via a filename containing ".php.rar" or other multiple extensions that include .php. | ||||
| CVE-2004-0885 | 2 Apache, Redhat | 6 Http Server, Enterprise Linux, Network Proxy and 3 more | 2026-04-16 | N/A |
| The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration. | ||||
| CVE-2002-1390 | 1 Geneweb | 1 Geneweb | 2026-04-16 | N/A |
| The daemon for GeneWeb before 4.09 does not properly handle requested paths, which allows remote attackers to read arbitrary files via a crafted URL. | ||||
| CVE-2004-1919 | 1 Crackalaka | 1 Crackalaka | 2026-04-16 | N/A |
| The hash_strcmp function in hasch.c in Crackalaka 1.0.8 allows remote attackers to cause a denial of service (crash) via large malformed strings. | ||||
| CVE-2002-1441 | 1 Tomahawk Technologies | 1 Steelarrow | 2026-04-16 | N/A |
| Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow remote attackers to execute arbitrary code via (1) the Steelarrow Service (Steelarrow.exe) using a long UserIdent Cookie header, (2) DLLHOST.EXE (Steelarrow.dll) via a request for a long .aro file, or (3) DLLHOST.EXE via a Chunked Transfer-Encoding request. | ||||
| CVE-2002-1478 | 1 The Cacti Group | 1 Cacti | 2026-04-16 | N/A |
| Cacti before 0.6.8 allows attackers to execute arbitrary commands via the "Data Input" option in console mode. | ||||
| CVE-2002-1547 | 1 Juniper | 1 Netscreen Screenos | 2026-04-16 | N/A |
| Netscreen running ScreenOS 4.0.0r6 and earlier allows remote attackers to cause a denial of service via a malformed SSH packet to the Secure Command Shell (SCS) management interface, as demonstrated via certain CRC32 exploits, a different vulnerability than CVE-2001-0144. | ||||
| CVE-2002-1567 | 1 Apache | 1 Tomcat | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script. | ||||
| CVE-2002-1614 | 1 Hp | 2 Hp-ux, Tru64 | 2026-04-16 | N/A |
| Buffer overflow in HP Tru64 UNIX allows local users to execute arbitrary code via a long argument to /usr/bin/at. | ||||
| CVE-2002-1625 | 1 Macromedia | 1 Flash Player | 2026-04-16 | N/A |
| Macromedia Flash Player 6 does not terminate connections when the user leaves the web page, which allows remote attackers to cause a denial of service (bandwidth, resource, and CPU consumption) via the (1) loadMovie or (2) loadSound commands, which continue to execute until the browser is closed. | ||||
| CVE-2002-1633 | 1 Qnx | 1 Qnx Rtos | 2026-04-16 | N/A |
| Multiple buffer overflows in QNX 4.25 may allow local users to execute arbitrary code via long command line arguments to (1) sample, (2) ex, (3) du, (4) find, (5) lex, (6) mkdir, (7) rm, (8) serserv, (9) tcpserv, (10) termdef, (11) time, (12) unzip, (13) use, (14) wcc, (15) wcc386, (16) wd, (17) wdisasm, (18) which, (19) wlib, (20) wlink, (21) wpp, (22) wpp386, (23) wprof, (24) write, or (25) wstrip. | ||||
| CVE-2002-1635 | 1 Oracle | 1 Application Server | 2026-04-16 | N/A |
| The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin. | ||||
| CVE-2002-1644 | 1 Ssh | 1 Ssh2 | 2026-04-16 | N/A |
| SSH Secure Shell for Servers and SSH Secure Shell for Workstations 2.0.13 through 3.2.1, when running without a PTY, does not call setsid to remove the child process from the process group of the parent process, which allows attackers to gain certain privileges. | ||||
| CVE-2005-2691 | 1 Runcms | 1 Runcms | 2026-04-16 | N/A |
| includes/common.php in RunCMS 1.2 and earlier calls the extract function with EXTR_OVERWRITE on HTTP POST variables, which allows remote attackers to overwrite arbitrary variables, possibly allowing execution of arbitrary code. | ||||
| CVE-2002-1895 | 1 Apache | 1 Tomcat | 2026-04-16 | N/A |
| The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN. | ||||
| CVE-2002-2008 | 1 Apache | 1 Tomcat | 2026-04-16 | N/A |
| Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message. | ||||