Export limit exceeded: 19661 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (24926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1907 1 Microsoft 1 Isa Server 2026-04-16 N/A
The ISA Firewall service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (Wspsrv.exe crash) via a large amount of SecureNAT network traffic.
CVE-2005-1987 1 Microsoft 4 Exchange Server, Windows 2000, Windows Server 2003 and 1 more 2026-04-16 N/A
Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.
CVE-2002-0832 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass cookie privacy settings and store information across browser sessions via the userData (storeuserData) feature.
CVE-2006-0935 1 Microsoft 1 Word 2026-04-16 N/A
Microsoft Word 2003 allows remote attackers to cause a denial of service (application crash) via a crafted file, as demonstrated by 101_filefuzz.
CVE-2002-0975 1 Microsoft 1 Directx Files Viewer Control 2026-04-16 N/A
Buffer overflow in Microsoft DirectX Files Viewer ActiveX control (xweb.ocx) 2.0.6.15 and earlier allows remote attackers to execute arbitrary via a long File parameter.
CVE-2005-2143 1 Microsoft 1 Frontpage 2026-04-16 N/A
Microsoft Front Page allows attackers to cause a denial of service (crash) via a crafted style tag in a web page.
CVE-2006-1190 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code.
CVE-2005-2087 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem.
CVE-2006-1304 1 Microsoft 2 Excel, Excel Viewer 2026-04-16 N/A
Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation."
CVE-2005-0360 1 Microsoft 1 Log Sink Class Activex Control 2026-04-16 N/A
The Microsoft Log Sink Class ActiveX control in pkmcore.dll is marked as "safe for scripting" for Internet Explorer, which allows remote attackers to create or append to arbitrary files.
CVE-2006-3074 2 Kaspersky, Microsoft 4 Kaspersky Anti-virus, Kaspersky Internet Security, Windows and 1 more 2026-04-16 N/A
klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky Anti-Virus (KAV) 6.0 and 7.0, KAV 6.0 for Windows Workstations, and KAV 6.0 for Windows Servers does not validate certain parameters to the (1) NtCreateKey, (2) NtCreateProcess, (3) NtCreateProcessEx, (4) NtCreateSection, (5) NtCreateSymbolicLinkObject, (6) NtCreateThread, (7) NtDeleteValueKey, (8) NtLoadKey2, (9) NtOpenKey, (10) NtOpenProcess, (11) NtOpenSection, and (12) NtQueryValueKey hooked system calls, which allows local users to cause a denial of service (reboot) via an invalid parameter, as demonstrated by the ClientId parameter to NtOpenProcess.
CVE-2005-2225 1 Microsoft 1 Msn Messenger Service 2026-04-16 N/A
Microsoft MSN Messenger allows remote attackers to cause a denial of service via a plaintext message containing the ".pif" string, which is interpreted as a malicious file extension and causes users to be kicked from a group conversation. NOTE: it has been reported that Gaim is also affected, so this may be an issue in the protocol or MSN servers.
CVE-2005-1219 1 Microsoft 1 Image Color Management 2026-04-16 N/A
Buffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags.
CVE-2002-1183 1 Microsoft 3 Windows 98, Windows 98se, Windows Nt 2026-04-16 N/A
Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Flaw Could Enable Identity Spoofing" (CAN-2002-0862).
CVE-2006-3146 2 Microsoft, Toshiba 2 Windows, Bluetooth Stack 2026-04-16 N/A
The TOSRFBD.SYS driver for Toshiba Bluetooth Stack 4.00.29 and earlier on Windows allows remote attackers to cause a denial of service (reboot) via a L2CAP echo request that triggers an out-of-bounds memory access, similar to "Ping o' Death" and as demonstrated by BlueSmack. NOTE: this issue was originally reported for 4.00.23.
CVE-2002-1185 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure."
CVE-2006-3442 1 Microsoft 1 Windows Xp 2026-04-16 N/A
Unspecified vulnerability in Pragmatic General Multicast (PGM) in Microsoft Windows XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted multicast message.
CVE-1999-0794 1 Microsoft 2 Excel, Office 2026-04-16 N/A
Microsoft Excel does not warn a user when a macro is present in a Symbolic Link (SYLK) format file.
CVE-2006-3637 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
CVE-2002-1290 1 Microsoft 1 Java Virtual Machine 2026-04-16 N/A
The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read and modify the contents of the Clipboard via an applet that accesses the (1) ClipBoardGetText and (2) ClipBoardSetText methods of the INativeServices class.