Search Results (44126 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2127 2 Ati, Microsoft 6 Catalyst Driver, .net Framework, Office and 3 more 2026-04-16 N/A
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the "COM Object Instantiation Memory Corruption vulnerability."
CVE-2006-0301 2 Redhat, Xpdf 2 Enterprise Linux, Xpdf 2026-04-16 N/A
Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.
CVE-2002-2366 1 Cerulean Studios 1 Trillian 2026-04-16 N/A
Buffer overflow in the XML parser of Trillian 0.6351, 0.725 and 0.73 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a skin with a long colors file name in trillian.xml.
CVE-2003-0095 1 Oracle 3 Database Server, Oracle8i, Oracle9i 2026-04-16 N/A
Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP.
CVE-2004-0179 4 Apache, Debian, Redhat and 1 more 7 Openoffice, Subversion, Debian Linux and 4 more 2026-04-16 N/A
Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code.
CVE-2006-3459 3 Adobe, Libtiff, Redhat 3 Acrobat Reader, Libtiff, Enterprise Linux 2026-04-16 N/A
Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c.
CVE-2003-0222 1 Oracle 3 Database Server, Oracle8i, Oracle9i 2026-04-16 N/A
Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter.
CVE-1999-0656 1 Linux 1 Linux Kernel 2026-04-16 N/A
The ugidd RPC interface, by design, allows remote attackers to enumerate valid usernames by specifying arbitrary UIDs that ugidd maps to local user and group names.
CVE-2003-0411 2 Microsoft, Oracle 3 Windows 2000, Windows Xp, Sun One Application Server 2026-04-16 7.5 High
Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension.
CVE-2001-0766 2 Apache, Apple 2 Http Server, Mac Os X 2026-04-16 9.8 Critical
Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
CVE-2006-1834 1 Opera 1 Opera Browser 2026-04-16 N/A
Integer signedness error in Opera before 8.54 allows remote attackers to execute arbitrary code via long values in a stylesheet attribute, which pass a length check. NOTE: a sign extension problem makes the attack easier with shorter strings.
CVE-2006-1550 2 Dia, Redhat 2 Dia, Enterprise Linux 2026-04-16 N/A
Multiple buffer overflows in the xfig import code (xfig-import.c) in Dia 0.87 and later before 0.95-pre6 allow user-assisted attackers to have an unknown impact via a crafted xfig file, possibly involving an invalid (1) color index, (2) number of points, or (3) depth.
CVE-2006-1302 1 Microsoft 2 Excel, Excel Viewer 2026-04-16 N/A
Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka "Malformed SELECTION record Vulnerability."
CVE-2006-0848 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension.
CVE-2002-0159 1 Cisco 1 Secure Access Control Server 2026-04-16 N/A
Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002.
CVE-2005-0369 1 Armagetronad 2 Armagetron, Armagetron Advanced 2026-04-16 5.3 Medium
Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 earlier allows remote attackers to cause a denial of service (application crash) via a packet with a large (1) descriptor ID or (2) claim_id, which exceeds the boundaries of an array.
CVE-2002-2272 1 Apache 2 Http Server, Tomcat 2026-04-16 N/A
Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
CVE-2004-2685 1 Youngzsoft 1 Ccproxy 2026-04-16 N/A
Buffer overflow in YoungZSoft CCProxy 6.2 and earlier allows remote attackers to execute arbitrary code via a long address in a ping (p) command to the Telnet proxy service, a different vector than CVE-2004-2416.
CVE-2002-0070 1 Microsoft 4 Windows 2000, Windows 98, Windows 98se and 1 more 2026-04-16 N/A
Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled.
CVE-2001-1238 1 Microsoft 1 Windows 2000 2026-04-16 7.8 High
Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped with the Task Manager.