Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-0972 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Integer overflow in the searchfs system call in Mac OS X 10.3.9 and earlier allows local users to execute arbitrary code via crafted parameters.
CVE-2003-1450 1 Bitchx 1 Bitchx 2026-04-16 N/A
BitchX 75p3 and 1.0c16 through 1.0c20cvs allows remote attackers to cause a denial of service (segmentation fault) via a malformed RPL_NAMREPLY numeric 353 message.
CVE-2004-0595 4 Avaya, Php, Redhat and 1 more 11 Converged Communications Server, Integrated Management, S8300 and 8 more 2026-04-16 N/A
The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.
CVE-2004-0105 3 Metamail Corporation, Redhat, Sgi 4 Metamail, Enterprise Linux, Linux Advanced Workstation and 1 more 2026-04-16 N/A
Multiple buffer overflows in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code.
CVE-2002-2298 1 Atthat.com 1 Thatware 2026-04-16 N/A
PHP remote file inclusion vulnerability in config.php in Thatware 0.3 through 0.5.3 allows remote attackers to execute arbitrary PHP code via the root_path parameter.
CVE-2002-0721 1 Microsoft 2 Data Engine, Sql Server 2026-04-16 N/A
Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.
CVE-2001-0951 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Windows 2000 allows remote attackers to cause a denial of service (CPU consumption) by flooding Internet Key Exchange (IKE) UDP port 500 with packets that contain a large number of dot characters.
CVE-2005-0629 1 427bb 1 Fourtwosevenbb 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in profile.php in 427BB 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) Avatar parameters.
CVE-2003-1558 1 Fefe 1 Fnord 2026-04-16 N/A
Buffer overflow in httpd.c of fnord 1.6 allows remote attackers to create a denial of service (crash) and possibly execute arbitrary code via a long CGI request passed to the do_cgi function.
CVE-2005-0628 1 Demof 1 Forumwa 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Forumwa 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in search.php or the (2) body or (3) subject of a forum message.
CVE-2005-0621 1 Enlight Software 1 Scrapland 2026-04-16 N/A
Scrapland 1.0 and earlier allows remote attackers to cause a denial of service (server termination) by triggering an error, which is treated as a fatal error by the server, as demonstrated using (1) signed integers for size values, (2) an invalid model, (3) a "newpos" value that is less than or equal to a size value, or (4) partial packets.
CVE-2002-0932 1 Luis Bernardo 1 Myhelpdesk 2026-04-16 N/A
SQL injection vulnerability in index.php for MyHelpDesk 20020509, and possibly other versions, allows remote attackers to conduct unauthorized activities via SQL code in the "id" parameter for the operations (1) detailticket, (2) editticket, or (3) updateticketlog.
CVE-2003-0461 1 Redhat 2 Enterprise Linux, Linux 2026-04-16 N/A
/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords.
CVE-2002-0659 4 Apple, Openssl, Oracle and 1 more 8 Mac Os X, Openssl, Application Server and 5 more 2026-04-16 N/A
The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.
CVE-2002-0657 1 Openssl 1 Openssl 2026-04-16 N/A
Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master key.
CVE-2001-1496 1 Acme 1 Thttpd 2026-04-16 9.8 Critical
Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20 allows remote attackers to cause a denial of service and possibly execute arbitrary code.
CVE-2001-0782 1 Kde 1 Ktv 2026-04-16 N/A
KDE ktvision 0.1.1-271 and earlier allows local attackers to gain root privileges via a symlink attack on a user configuration file.
CVE-2004-0978 1 Microsoft 7 Internet Explorer, Windows 2000, Windows 98se and 4 more 2026-04-16 N/A
Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter.
CVE-2004-0672 1 Netegrity 2 Identityminder, Policy Server 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the primary and management web interfaces in Netegrity IdentityMinder Web Edition 5.6 allows remote attackers to execute script as other users via (1) script that starts with %00 in the numOfExpressions parameter or (2) the mobjtype parameter.
CVE-2006-4075 1 Wim Fleischhauer 1 Docpile We 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer docpile: wim's edition (docpile:we) 0.2.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the INIT_PATH parameter to (1) lib/folder.class.php, (2) lib/email.inc.php, (3) lib/document.class.php or (4) lib/auth.inc.php.