Search Results (363335 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-1999-0224 1 Microsoft 1 Windows Nt 2026-04-16 N/A
Denial of service in Windows NT messenger service through a long username.
CVE-1999-0228 1 Microsoft 1 Windows Nt 2026-04-16 N/A
Denial of service in RPCSS.EXE program (RPC Locator) in Windows NT.
CVE-2003-1412 1 Gonicus 1 Gonicus System Administration 2026-04-16 N/A
PHP remote file inclusion vulnerability in index.php for GONiCUS System Administrator (GOsa) 1.0 allows remote attackers to execute arbitrary PHP code via the plugin parameter to (1) 3fax/1blocklists/index.php; (2) 6departamentadmin/index.php, (3) 5terminals/index.php, (4) 4mailinglists/index.php, (5) 3departaments/index.php, and (6) 2groupd/index.php in 2administration/; or (7) the base parameter to include/help.php.
CVE-2005-3550 1 Toenda Software Development 1 Toendacms 2026-04-16 N/A
Directory traversal vulnerability in admin.php in toendaCMS before 0.6.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the id_user parameter.
CVE-2005-3415 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
phpBB 2.0.17 and earlier allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GET/POST/COOKIE (GPC) variable and a GLOBALS[] variable with the same name, which causes phpBB to unset the GLOBALS[] variable but not the GPC variable.
CVE-2002-0946 1 Seanox 1 Devwex 2026-04-16 N/A
Directory traversal vulnerability in SeaNox Devwex before 1.2002.0601 allows remote attackers to read arbitrary files via ..\ (dot dot) sequences in an HTTP request.
CVE-1999-0207 1 Great Circle Associates 1 Majordomo 2026-04-16 N/A
Remote attacker can execute commands through Majordomo using the Reply-To field and a "lists" command.
CVE-2005-3887 1 Gadu-gadu 1 Gadu-gadu Instant Messenger 2026-04-16 N/A
Gadu-Gadu 7.20 does not properly handle MS-DOS device names in filenames, which allows remote attackers to (1) cause a denial of service (hang) via an image filename of AUX: sent twice (hang), or (2) write to the LPT1 port via a filename of "LPT1:".
CVE-2005-3874 1 Weaverslave 1 Netzbrett 2026-04-16 N/A
SQL injection vulnerability in netzbr.php in Netzbrett 1.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the p_entry parameter in an entry command to index.php.
CVE-2005-1513 3 Canonical, Debian, Qmail Project 3 Ubuntu Linux, Debian Linux, Qmail 2026-04-16 9.8 Critical
Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large SMTP request.
CVE-2004-2435 1 Peoplesoft 1 Hrms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in PeopleSoft Human Resources Management System (HRMS) 7.0, when "web enabled" using HTML Access, allows remote attackers to inject arbitrary web script or HTML via unspecified (1) debugging or (2) utility scripts.
CVE-2004-0978 1 Microsoft 7 Internet Explorer, Windows 2000, Windows 98se and 4 more 2026-04-16 N/A
Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter.
CVE-2002-0082 3 Apache-ssl, Mod Ssl, Redhat 5 Apache-ssl, Mod Ssl, Linux and 2 more 2026-04-16 N/A
The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
CVE-2003-0086 2 Redhat, Samba 3 Enterprise Linux, Linux, Samba 2026-04-16 N/A
The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown.
CVE-2002-1688 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
The browser history feature in Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to execute arbitrary script as other users and steal authentication information via cookies by injecting JavaScript into the URL, which is executed when the user hits the Back button.
CVE-2006-3082 2 Gnupg, Redhat 2 Gnupg, Enterprise Linux 2026-04-16 N/A
parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option.
CVE-2006-0275 1 Oracle 1 Application Server 2026-04-16 N/A
Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# REP04. NOTE: Oracle has not disputed reliable researcher claims that this issue is related to directory traversal that allows reading of portions of arbitrary XML files via the customize parameter.
CVE-2006-0032 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.
CVE-2006-0028 1 Microsoft 2 Excel, Office 2026-04-16 N/A
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers.
CVE-2005-0208 2 Redhat, Rob Flynn 2 Enterprise Linux, Gaim 2026-04-16 N/A
The HTML parsing functions in Gaim before 1.1.4 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0473.