Total
29891 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-2337 | 1 Inlook | 1 Inlook | 2025-04-03 | N/A |
| The /.inlook/.crypt file for inlook 0.7.3 and earlier is installed with world readable permissions, which allows local users to obtain user POP3 credentials. | ||||
| CVE-2002-2015 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | N/A |
| PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows remote attackers to include arbitrary files and possibly execute code via the caselist parameter. | ||||
| CVE-2002-2016 | 1 User-mode Linux | 1 User-mode Linux | 2025-04-03 | N/A |
| User-mode Linux (UML) 2.4.17-8 does not restrict access to kernel address space, which allows local users to execute arbitrary code. | ||||
| CVE-2002-2017 | 1 Sas | 2 Base, Integration Technologies | 2025-04-03 | N/A |
| sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd. | ||||
| CVE-2002-2018 | 1 Sas | 2 Base, Integration Technologies | 2025-04-03 | N/A |
| sastcpd in SAS/Base 8.0 might allow local users to gain privileges by setting the netencralg environment variable, which causes a segmentation fault. | ||||
| CVE-2002-1755 | 1 Tinc | 1 Tinc | 2025-04-03 | N/A |
| tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on CBC. | ||||
| CVE-2002-1758 | 1 Phprojekt | 1 Phprojekt | 2025-04-03 | N/A |
| PHProjekt 2.0 through 3.1 allows remote attackers to view or modify data via requests to certain scripts that do not verify if the user is logged in. | ||||
| CVE-2002-2020 | 1 Netgear | 1 Rp114 | 2025-04-03 | N/A |
| Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26 uses a default administrator password and accepts admin logins on the external interface, which allows remote attackers to gain privileges if the password is not changed. | ||||
| CVE-2002-2022 | 1 Kaffe | 1 Kaffe Openvm | 2025-04-03 | N/A |
| Format string vulnerability in Kaffe OpenVM 1.0.6 and earlier allows local users to execute arbitrary code, when a java.lang.NoClassDefFoundError is thrown, via format specifiers in the forName attribute. | ||||
| CVE-2002-2023 | 1 Yamaguchi | 1 Shingo Beep2 | 2025-04-03 | N/A |
| The get_parameter_from_freqency_source function in beep2 1.0, 1.1 and 1.2, when installed setuid root, allows local users to read arbitrary files via unknown attack vectors. | ||||
| CVE-2004-0131 | 1 Gnu | 1 Radius | 2025-04-03 | N/A |
| The rad_print_request function in logger.c for GNU Radius daemon (radiusd) before 1.2 allows remote attackers to cause a denial of service (crash) via a UDP packet with an Acct-Status-Type attribute without a value and no Acct-Session-Id attribute, which causes a null dereference. | ||||
| CVE-2002-2025 | 1 Ibm | 1 Lotus Domino Server | 2025-04-03 | N/A |
| Lotus Domino server 5.0.9a and earlier allows remote attackers to cause a denial of service by exhausting the number of working threads via a large number of HTTP requests for (1) an MS-DOS device name and (2) an MS-DOS device name with a large number of characters appended to the device name. | ||||
| CVE-2004-0806 | 2 Cdrtools, Redhat | 2 Cdrecord, Enterprise Linux | 2025-04-03 | N/A |
| cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges. | ||||
| CVE-2004-1855 | 1 Mythic Entertainment | 1 Dark Age Of Camelot | 2025-04-03 | N/A |
| Dark Age of Camelot before 1.68 live patch does not sign the RSA public key, which could allow remote malicious servers to gain sensitive information via a man-in-the-middle attack. | ||||
| CVE-2002-2042 | 1 Qnx | 1 Rtos | 2025-04-03 | N/A |
| ptrace in the QNX realtime operating system (RTOS) 4.25 and 6.1.0 allows programs to attach to privileged processes, which could allow local users to execute arbitrary code by modifying running processes. | ||||
| CVE-2002-1780 | 1 Alcatech Gmbh | 1 Bpm Studio Pro | 2025-04-03 | N/A |
| BPM Studio Pro 4.2 by ALCATech GmbH includes a webserver that allows a remote attacker to cause a denial of service (crash) by sending a URL request for a MS-DOS device such as con. NOTE: it has been disputed that this and possibly other application-level DOS device issues stem from a bug in Windows, and as such, such applications should not be considered vulnerable themselves. | ||||
| CVE-2002-1782 | 1 University Of Washington | 1 Uw-imap | 2025-04-03 | N/A |
| The default configuration of University of Washington IMAP daemon (wu-imapd), when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user. | ||||
| CVE-2004-1858 | 1 Hp | 1 Web Jetadmin | 2025-04-03 | N/A |
| HP Web Jetadmin 7.5.2546 allows remote attackers to cause a denial of service (crash) via a malformed request, possibly due to a stricmp() error from an invalid use of the "$" character. | ||||
| CVE-2002-2043 | 1 Cyrus | 1 Sasl | 2025-04-03 | N/A |
| SQL injection vulnerability in the LDAP and MySQL authentication patch for Cyrus SASL 1.5.24 and 1.5.27 allows remote attackers to execute arbitrary SQL commands and log in as arbitrary POP mail users via the password. | ||||
| CVE-2002-1792 | 1 Fake Identd | 1 Fake Identd | 2025-04-03 | N/A |
| Buffer overflow in Fake Identd 0.9 through 1.4 allows remote attackers to execute arbitrary code as root via a long request that is split into multiple packets. | ||||