Search Results (355 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-34582 2 Botan Project, Randombit 2 Botan, Botan 2026-04-17 9.1 Critical
Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can by bypassed by a client which entirely omits Certificate, CertificateVerify, and the Finished message and instead sends application data records. This vulnerability is fixed in 3.11.1.
CVE-2026-22732 2 Spring, Vmware 2 Spring Security, Spring Security 2026-04-16 9.1 Critical
When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written.  This issue affects Spring Security Servlet applications using lazy (default) writing of HTTP Headers: : from 5.7.0 through 5.7.21, from 5.8.0 through 5.8.23, from 6.3.0 through 6.3.14, from 6.4.0 through 6.4.14, from 6.5.0 through 6.5.8, from 7.0.0 through 7.0.3.
CVE-2003-1457 1 Auerswald 1 Comsuite Cti Controlcenter 2026-04-16 N/A
Auerswald COMsuite CTI ControlCenter 3.1 creates a default "runasositron" user account with an easily guessable password, which allows local users or remote attackers to gain access.
CVE-2003-1449 1 Aladdin Knowledge Systems 1 Esafe Gateway 2026-04-16 N/A
Aladdin Knowlege Systems eSafe Gateway 3.5.126.0 does not check the entire stream of Content Vectoring Protocol (CVP) data, which allows remote attackers to bypass virus protection.
CVE-2003-1426 1 Cpanel 1 Cpanel 2026-04-16 N/A
Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl executable.
CVE-2003-1422 1 Gentoo 1 Syslinux 2026-04-16 N/A
Multiple unspecified vulnerabilities in the installer for SYSLINUX 2.01, when running setuid root, allow local users to gain privileges via unknown vectors.
CVE-2003-1367 1 Great Circle Associates 1 Majordomo 2026-04-16 N/A
The which_access variable for Majordomo 2.0 through 1.94.4, and possibly earlier versions, is set to "open" by default, which allows remote attackers to identify the email addresses of members of mailing lists via a "which" command.
CVE-2003-1362 1 Hp 2 Bastille, Hp-ux 2026-04-16 N/A
Bastille B.02.00.00 of HP-UX 11.00 and 11.11 does not properly configure the (1) NOVRFY and (2) NOEXPN options in the sendmail.cf file, which could allow remote attackers to verify the existence of system users and expand defined sendmail aliases.
CVE-2003-1357 2 Microsoft, Replicom 2 Windows Nt, Proxyview 2026-04-16 N/A
ProxyView has a default administrator password of Administrator for Embedded Windows NT, which allows remote attackers to gain access.
CVE-2003-1352 1 Gabber 1 Gabber 2026-04-16 N/A
Gabber 0.8.7 sends an email to a specific address during user login and logout, which allows remote attackers to obtain user session activity and Gabber version number by sniffing.
CVE-2003-1341 1 Trend Micro 2 Officescan, Virus Buster 2026-04-16 N/A
The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe.
CVE-2002-2373 1 Apple 2 Apple Laserwriter, Tcp Ip Configuration Utility 2026-04-16 N/A
The default configuration of the TCP/IP printer configuration utility in Apple LaserWriter 12/640 PS printer contains a blank Telnet password, which allows remote attackers to gain access.
CVE-2002-2336 1 Symantec 1 Norton Personal Firewall 2026-04-16 N/A
Norton Personal Firewall 2002 4.0, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets.
CVE-2002-2335 1 John Drake 1 Killer Protection 2026-04-16 N/A
Killer Protection 1.0 stores the vars.inc include file under the web root with insufficient access control, which allows remote attackers to obtain user names and passwords and log in using protection.php.
CVE-2002-2331 1 Cascadesoft 1 W3mail 2026-04-16 N/A
W3Mail 1.0.2 through 1.0.5 with server side scripting (SSI) enabled in the attachments directory does not properly restrict the types of files that can be uploaded as attachments, which allows remote attackers to execute arbitrary code by sending code in MIME attachments, then requesting the attachments.
CVE-2002-2285 1 Broadcom 1 Inoculateit 2026-04-16 N/A
eTrust InoculateIT 6.0 with the "Incremental Scan" option enabled may certify that a file is free of viruses before the file has been completely downloaded, which allows remote attackers to bypass virus detection.
CVE-2002-2280 1 Openbsd 1 Openbsd 2026-04-16 N/A
syslogd on OpenBSD 2.9 through 3.2 does not change the source IP address of syslog packets when the machine's IP addressed is changed without rebooting, e.g. via ifconfig, which can cause incorrect information to be sent to the syslog server.
CVE-2002-2263 1 Hp 2 Hp-ux, Visualize Conference Ftp 2026-04-16 N/A
The installation program for HP-UX Visualize Conference B.11.00.11 running on HP-UX 11.00 and 11.11 installs /etc/dt and its subdirecties with insecure permissions, which allows local users to read or write arbitrary files.
CVE-2002-2247 1 Mambo 1 Mambo Site Server 2026-04-16 N/A
The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo function.
CVE-2002-2234 1 Netscreen 1 Screenos 2026-04-16 N/A
NetScreen ScreenOS before 4.0.1 allows remote attackers to bypass the Malicious-URL blocking feature by splitting the URL into fragmented IP requests.