Search Results (366403 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2000-0983 1 Microsoft 1 Netmeeting 2026-04-16 N/A
Microsoft NetMeeting with Remote Desktop Sharing enabled allows remote attackers to cause a denial of service (CPU utilization) via a sequence of null bytes to the NetMeeting port, aka the "NetMeeting Desktop Sharing" vulnerability.
CVE-2002-1215 1 Linux-ha 1 Heartbeat 2026-04-16 N/A
Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier (claimed as buffer overflows in some sources) allow remote attackers to execute arbitrary code via certain packets to UDP port 694 (incorrectly claimed as TCP in some sources).
CVE-2006-1739 2 Mozilla, Redhat 5 Firefox, Mozilla Suite, Seamonkey and 2 more 2026-04-16 N/A
The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain Cascading Style Sheets (CSS) that causes an out-of-bounds array write and buffer overflow.
CVE-2002-1228 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows an NFS client to cause a denial of service by killing the lockd daemon.
CVE-2006-1740 2 Mozilla, Redhat 5 Firefox, Mozilla Suite, Seamonkey and 2 more 2026-04-16 N/A
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site.
CVE-2002-1229 1 Avaya 5 Cajun P550, Cajun P550r, Cajun P580 and 2 more 2026-04-16 N/A
Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier contain undocumented accounts (1) manuf and (2) diag with default passwords, which allows remote attackers to gain privileges.
CVE-2006-1741 3 Canonical, Mozilla, Redhat 5 Ubuntu Linux, Firefox, Mozilla Suite and 2 more 2026-04-16 N/A
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection".
CVE-2006-1742 2 Mozilla, Redhat 5 Firefox, Mozilla Suite, Seamonkey and 2 more 2026-04-16 N/A
The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memory and cause memory corruption.
CVE-2006-1744 1 Joey Hess 1 Bsdgames 2026-04-16 N/A
Buffer overflow in pl_main.c in sail in BSDgames before 2.17-7 allows local users to execute arbitrary code via a long player name that is used in a scanf function call.
CVE-2003-0247 1 Redhat 2 Enterprise Linux, Linux 2026-04-16 N/A
Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ("kernel oops").
CVE-2006-1746 1 Tincan 1 Phplist 2026-04-16 N/A
Directory traversal vulnerability in PHPList 2.10.2 and earlier allows remote attackers to include arbitrary local files via the (1) GLOBALS[database_module] or (2) GLOBALS[language_module] parameters, which overwrite the underlying $GLOBALS variable.
CVE-2002-0543 1 Aprelium Technologies 1 Abyss Web Server 2026-04-16 N/A
Directory traversal vulnerability in Aprelium Abyss Web Server (abyssws) before 1.0.0.2 allows remote attackers to read files outside the web root, including the abyss.conf file, via URL-encoded .. (dot dot) sequences in the HTTP request.
CVE-2003-1306 1 Microsoft 1 Urlscan 2026-04-16 N/A
Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response.
CVE-2005-3658 1 Emc 1 Legato Networker 2026-04-16 N/A
Multiple heap-based buffer overflows in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allow remote attackers to execute arbitrary code or cause a denial of service (unresponsive application) via malformed RPC packets to (1) RPC program number 390109 (nsrd.exe) and (2) RPC program number 390113 (nsrexecd.exe).
CVE-2005-3659 1 Emc 1 Legato Networker 2026-04-16 N/A
nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allows remote attackers to cause a denial of service (nsrd service crash) via a malformed RPC request to RPC program number 390109, which triggers a null dereference.
CVE-2000-0999 1 Openbsd 1 Openssh 2026-04-16 N/A
Format string vulnerabilities in OpenBSD ssh program (and possibly other BSD-based operating systems) allow attackers to gain root privileges.
CVE-2002-0727 1 Microsoft 2 Office Web Components, Project 2026-04-16 N/A
The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method.
CVE-2000-1008 1 Palm 1 Palm Os 2026-04-16 N/A
PalmOS 3.5.2 and earlier uses weak encryption to store the user password, which allows attackers with physical access to the Palm device to decrypt the password and gain access to the device.
CVE-2006-0044 1 Albatross 1 Albatross 2026-04-16 N/A
Unspecified vulnerability in context.py in Albatross web application toolkit before 1.33 allows remote attackers to execute arbitrary commands via unspecified vectors involving template files and the "handling of submitted form fields".
CVE-2006-1747 1 Vwar 1 Virtual War 2026-04-16 N/A
PHP remote file inclusion vulnerability in Virtual War (VWar) 1.5.0 allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter to (1) admin/admin.php, (2) war.php, (3) stats.php, (4) news.php, (5) joinus.php, (6) challenge.php, (7) calendar.php, (8) member.php, (9) popup.php, and other unspecified scripts in the admin folder. NOTE: these are different attack vectors than CVE-2006-1636 and CVE-2006-1503.