Export limit exceeded: 26471 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (26471 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-2237 | 1 Tftp | 1 Tftp Server | 2026-04-16 | N/A |
| tftp32 TFTP server 2.21 and earlier allows remote attackers to cause a denial of service via a GET request with a DOS device name such as com1 or aux. | ||||
| CVE-2002-2228 | 1 Mailscanner | 1 Mailscanner | 2026-04-16 | N/A |
| MailScanner before 4.0 5-1 and before 3.2 6-1 allows remote attackers to bypass protection via attachments with a filename with (1) extra leading spaces, (2) extra trailing spaces, or (3) alternate character encodings that cannot be processed by MailScanner. | ||||
| CVE-2002-2236 | 1 Apt-www-proxy | 1 Apt-www-proxy | 2026-04-16 | N/A |
| Format string vulnerability in the awp_log function in apt-www-proxy 0.1 allows remote attackers to execute arbitrary code. | ||||
| CVE-2002-2094 | 1 Joetesta | 1 Hellbent | 2026-04-16 | N/A |
| Joe Testa hellbent 01 allows remote attackers to determine the full path of the web root directory via a GET request with a relative path that includes the root's parent, which generates a 403 error message if the parent is incorrect, but a normal response if the parent is correct. | ||||
| CVE-2002-1432 | 1 Coxco Support | 7 A-cart, Metacart, Midicart Asp and 4 more | 2026-04-16 | N/A |
| MidiCart stores the midicart.mdb database file under the Web document root, which allows remote attackers to steal sensitive information by directly requesting the database. | ||||
| CVE-2002-1360 | 7 Cisco, Fissh, Intersoft and 4 more | 7 Ios, Ssh Client, Securenetterm and 4 more | 2026-04-16 | N/A |
| Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite. | ||||
| CVE-2002-1359 | 7 Cisco, Fissh, Intersoft and 4 more | 7 Ios, Ssh Client, Securenetterm and 4 more | 2026-04-16 | N/A |
| Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite. | ||||
| CVE-2002-1358 | 7 Cisco, Fissh, Intersoft and 4 more | 7 Ios, Ssh Client, Securenetterm and 4 more | 2026-04-16 | N/A |
| Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. | ||||
| CVE-2002-0596 | 1 Webtrends | 1 Reporting Center | 2026-04-16 | N/A |
| WebTrends Reporting Center 4.0d allows remote attackers to determine the real path of the web server via a GET request to get_od_toc.pl with an empty Profile parameter, which leaks the pathname in an error message. | ||||
| CVE-2002-0515 | 1 Phildev | 1 Ipfilter | 2026-04-16 | N/A |
| IPFilter 3.4.25 and earlier sets a different TTL when a port is being filtered than when it is not being filtered, which allows remote attackers to identify filtered ports by comparing TTLs. | ||||
| CVE-2002-0514 | 1 Openbsd | 1 Openbsd | 2026-04-16 | N/A |
| PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the RST packet, which allows remote attackers to determine if a port is being filtered because the TTL is different than the default TTL. | ||||
| CVE-2002-0419 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | N/A |
| Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (2) in certain configurations, the server IP address is provided as the realm for Basic authentication, which could reveal real IP addresses that were obscured by NAT, or (3) when NTLM authentication is used, the NetBIOS name of the server and its Windows NT domain are revealed in response to an Authorization request. NOTE: this entry originally contained a vector (1) in which the server reveals whether it supports Basic or NTLM authentication through 401 Access Denied error messages. CVE has REJECTED this vector; it is not a vulnerability because the information is already available through legitimate use, since authentication cannot proceed without specifying a scheme that is supported by both the client and the server. | ||||
| CVE-2000-1191 | 2 Htdig Project, Redhat | 2 Htdig, Enterprise Linux | 2026-04-16 | N/A |
| htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path. | ||||
| CVE-2000-0588 | 1 Sawmill | 1 Sawmill | 2026-04-16 | N/A |
| SawMill 5.0.21 CGI program allows remote attackers to read the first line of arbitrary files by listing the file in the rfcf parameter, whose contents SawMill attempts to parse as configuration commands. | ||||
| CVE-2000-0400 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does not restrict which file types can be downloaded, which allows an attacker to download any type of file to a user's system by encoding it within an email message or news post. | ||||
| CVE-2000-0380 | 1 Cisco | 1 Ios | 2026-04-16 | N/A |
| The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string. | ||||
| CVE-2000-0368 | 1 Cisco | 1 Ios | 2026-04-16 | N/A |
| Classic Cisco IOS 9.1 and later allows attackers with access to the login prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data. | ||||
| CVE-1999-1136 | 1 Hp | 2 Hp-ux, Mpe Ix | 2026-04-16 | N/A |
| Vulnerability in Predictive on HP-UX 11.0 and earlier, and MPE/iX 5.5 and earlier, allows attackers to compromise data transfer for Predictive messages (using e-mail or modem) between customer and Response Center Predictive systems. | ||||
| CVE-1999-0348 | 1 Microsoft | 1 Internet Information Server | 2026-04-16 | N/A |
| IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory. | ||||
| CVE-1999-0265 | 2 Microware, Novell | 2 Os-9, Netware | 2026-04-16 | N/A |
| ICMP redirect messages may crash or lock up a host. | ||||