Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2001-0600 1 Lotus 1 Domino R5 Server 2026-04-16 N/A
Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeated URL requests with the same HTTP headers, such as (1) Accept, (2) Accept-Charset, (3) Accept-Encoding, (4) Accept-Language, and (5) Content-Type.
CVE-2001-0603 1 Lotus 1 Domino R5 Server 2026-04-16 N/A
Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeatedly sending large (> 10Kb) amounts of data to the DIIOP - CORBA service on TCP port 63148.
CVE-2003-1133 1 Ritlabs 1 The Bat 2026-04-16 N/A
Rit Research Labs The Bat! 1.0.11 through 2.0 creates new accounts with insecure ACLs, which allows local users to read other users' email messages.
CVE-2003-1134 1 Sun 1 Java 2026-04-16 N/A
Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial of service (JVM crash), possibly by calling the ClassDepth function with a null parameter, which causes a crash instead of generating a null pointer exception.
CVE-2002-0144 1 Scott Parish 1 Chuid 2026-04-16 N/A
Directory traversal vulnerability in chuid 1.2 and earlier allows remote attackers to change the ownership of files outside of the upload directory via a .. (dot dot) attack.
CVE-2003-1423 4 Linux, Microsoft, Petitforum and 1 more 4 Linux Kernel, All Windows, Petitforum and 1 more 2026-04-16 N/A
Petitforum stores the liste.txt data file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as e-mail addresses and encrypted passwords.
CVE-2003-1428 2 Bharat Mediratta, Linux 2 Gallery, Linux Kernel 2026-04-16 N/A
Gallery 1.3.3 creates directories with insecure permissions, which allows local users to read, modify, or delete photos.
CVE-2003-1135 1 Yahoo 1 Messenger 2026-04-16 N/A
Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to cause a denial of service (crash) via a file send request (sendfile) with a large number of "%" (percent) characters after the Yahoo ID.
CVE-2003-1246 1 Pedestal Software 1 Integrity Protection Driver 2026-04-16 N/A
NtCreateSymbolicLinkObject in ntdll.dll in Integrity Protection Driver (IPD) 1.2 and 1.3 allows local users to create and overwrite arbitrary files via a symlink attack on \winnt\system32\drivers using the subst command.
CVE-2006-2397 1 Gphotos 1 Gphotos 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in GPhotos 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) rep parameter to (a) index.php or (b) diapo.php or (2) image parameter to (c) affich.php. NOTE: item 1a might be resultant from directory traversal.
CVE-2005-2407 1 Opera 1 Opera Browser 2026-04-16 N/A
A design error in Opera 8.01 and earlier allows user-assisted attackers to execute arbitrary code by overlaying a malicious new window above a file download dialog box, then tricking the user into double-clicking on the "Run" button, aka "link hijacking".
CVE-2005-0192 1 Realnetworks 2 Realone Player, Realplayer 2026-04-16 N/A
Directory traversal vulnerability in the parsing of Skin file names in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an RJS filename.
CVE-2006-4187 1 Hp 1 Hp-ux 2026-04-16 N/A
Unspecified vulnerability in HP-UX B.11.00, B.11.11 and B.11.23, when running in trusted mode, allows local users to cause a denial of service via unspecified vectors.
CVE-2005-0034 1 Isc 1 Bind 2026-04-16 N/A
An "incorrect assumption" in the authvalidated validator function in BIND 9.3.0, when DNSSEC is enabled, allows remote attackers to cause a denial of service (named server exit) via crafted DNS packets that cause an internal consistency test (self-check) to fail.
CVE-2004-1292 1 Michael Kohn 1 Ringtonetools 2026-04-16 N/A
Buffer overflow in the parse_emelody function in parse_emelody.c for ringtonetools 2.22 allows remote attackers to execute arbitrary code via a crafted eMelody file.
CVE-2006-4478 1 Visualshapers 1 Ezcontents 2026-04-16 N/A
SQL injection vulnerability in headeruserdata.php in Visual Shapers ezContents 2.0.3 allows remote attackers to execute arbitrary SQL commands via the groupname parameter.
CVE-2003-1249 1 Businessobjects 1 Webintelligence 2026-04-16 N/A
WebIntelligence 2.7.1 uses guessable user session cookies, which allows remote attackers to hijack sessions.
CVE-2005-0251 1 Guillaumegardey 1 Biborb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in bibindex.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the search parameter.
CVE-2006-0888 1 Invision Power Services 1 Invision Power Board 2026-04-16 N/A
index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation disabled, allows remote attackers to cause an unspecified denial of service by registering a large number of users.
CVE-2006-2094 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.