Search Results (359827 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2001-0643 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 5.5 does not display the Class ID (CLSID) when it is at the end of the file name, which could allow attackers to trick the user into executing dangerous programs by making it appear that the document is of a safe file type.
CVE-2001-0837 1 Deltathree 1 Pc-to-phone 2026-04-16 N/A
DeltaThree Pc-To-Phone 3.0.3 places sensitive data in world-readable locations in the installation directory, which allows local users to read the information in (1) temp.html, (2) the log folder, and (3) the PhoneBook folder.
CVE-2001-0902 1 Microsoft 1 Internet Information Services 2026-04-16 N/A
Microsoft IIS 5.0 allows remote attackers to spoof web log entries via an HTTP request that includes hex-encoded newline or form-feed characters.
CVE-2001-1066 1 Sun 1 Solaris 2026-04-16 N/A
ns6install installation script for Netscape 6.01 on Solaris, and other versions including 6.2.1 beta, allows local users to overwrite arbitrary files via a symlink attack.
CVE-2001-1098 1 Cisco 1 Pix Firewall Manager 2026-04-16 N/A
Cisco PIX firewall manager (PFM) 4.3(2)g logs the enable password in plaintext in the pfm.log file, which could allow local users to obtain the password by reading the file.
CVE-2001-1328 1 Sun 1 Sunos 2026-04-16 N/A
Buffer overflow in ypbind daemon in Solaris 5.4 through 8 allows remote attackers to execute arbitrary code.
CVE-2001-1386 1 Texasimperialsoftware 1 Wftpd 2026-04-16 7.5 High
WFTPD 3.00 allows remote attackers to read arbitrary files by uploading a (link) file that ends in a ".lnk." extension, which bypasses WFTPD's check for a ".lnk" extension.
CVE-2002-0036 2 Mit, Redhat 3 Kerberos 5, Enterprise Linux, Linux 2026-04-16 N/A
Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 1.2.5 allows remote attackers to cause a denial of service via a large unsigned data element length, which is later used as a negative value.
CVE-2002-0188 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the second variant of the "Content Disposition" vulnerability.
CVE-2002-0193 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability.
CVE-2002-0357 1 Sgi 1 Irix 2026-04-16 N/A
Unknown vulnerability in rpc.passwd in the nfs.sw.nis subsystem of SGI IRIX 6.5.15 and earlier allows local users to gain root privileges.
CVE-2002-0397 1 Red-m 1 1050ap Lan Acess Point 2026-04-16 N/A
Red-M 1050 (Bluetooth Access Point) publicizes its name, IP address, and other information in UDP packets to a broadcast address, which allows any system on the network to obtain potentially sensitive information about the Access Point device by monitoring UDP port 8887.
CVE-2002-0400 2 Isc, Redhat 3 Bind, Enterprise Linux, Linux 2026-04-16 N/A
ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, aka DoS_findtype.
CVE-2002-0445 1 Php Firstpost 1 Php Firstpost 2026-04-16 N/A
article.php in PHP FirstPost 0.1 allows allows remote attackers to obtain the full pathname of the server via an invalid post number in the post parameter, which leaks the pathname in an error message.
CVE-2002-0615 1 Microsoft 2 Excel, Office 2026-04-16 N/A
The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well known location on the local file system, allowing attackers to execute HTML scripts in the Local Computer zone, aka "Media Playback Script Invocation".
CVE-2002-0651 2 Isc, Redhat 3 Bind, Enterprise Linux, Linux 2026-04-16 N/A
Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.
CVE-2000-1094 1 Aol 1 Aim 2026-04-16 N/A
Buffer overflow in AOL Instant Messenger (AIM) before 4.3.2229 allows remote attackers to execute arbitrary commands via a "buddyicon" command with a long "src" argument.
CVE-2002-0662 2 Dan Mueth, Redhat 2 Scrollkeeper, Linux 2026-04-16 N/A
scrollkeeper-get-cl in ScrollKeeper 0.3 to 0.3.11 allows local users to create and overwrite files via a symlink attack on the scrollkeeper-tempfile.x temporary files.
CVE-2004-1592 1 Ocportal 1 Ocportal 2026-04-16 N/A
PHP remote file inclusion vulnerability in index.php in ocPortal 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the req_path parameter to reference a URL on a remote web server that contains a malicious funcs.php script.
CVE-2005-2852 1 Novell 1 Netware 2026-04-16 N/A
Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and SP3, 5.1, and 6.0 allows remote attackers to cause a denial of service (ABEND) via an incorrect password length, as exploited by the "worm.rbot.ccc" worm.