Search Results (71 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-7039 2 Atrium Software, Microsoft 9 Mercur Messaging 2005, Windows 2000, Windows 2003 Server and 6 more 2026-04-23 N/A
The IMAP4 service in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (crash) via a message with a long subject field.
CVE-2007-2186 2 Foxit, Microsoft 9 Pdf Reader, Windows 2000, Windows 2003 Server and 6 more 2026-04-23 N/A
Foxit Reader 2.0 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.
CVE-2006-7034 9 Apple, Hp, Ibm and 6 more 18 Mac Os X, Hp-ux, Tru64 and 15 more 2026-04-23 N/A
SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter.
CVE-2006-7037 2 Mathsoft, Microsoft 9 Mathcad, Windows 2000, Windows 2003 Server and 6 more 2026-04-23 N/A
Mathcad 12 through 13.1 allows local users to bypass the security features by directly accessing or editing the XML representation of the worksheet with a text editor or other program, which allows attackers to (1) bypass password protection by replacing the password field with a hash of a known password, (2) modify timestamps to avoid detection of modifications, (3) remove locks by removing the "is-locked" attribute, and (4) view locked data, which is stored in plaintext.
CVE-2007-3958 1 Microsoft 8 Internet Explorer, Windows 2000, Windows 95 and 5 more 2026-04-23 N/A
Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service via a certain GIF file, as demonstrated by Art.gif.
CVE-2007-1898 8 Apple, Hp, Jetbox and 5 more 16 Mac Os X, Hp-ux, Tru64 and 13 more 2026-04-23 N/A
formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters.
CVE-2007-1043 9 Apple, Ezboo, Hp and 6 more 18 Mac Os X, Webstats, Hp-ux and 15 more 2026-04-23 N/A
Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php.
CVE-2007-2736 9 Achievo, Apple, Hp and 6 more 18 Achievo, A Ux, Mac Os X and 15 more 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.
CVE-2002-2185 6 Debian, Mandrakesoft, Microsoft and 3 more 11 Debian Linux, Mandrake Linux, Windows 98 and 8 more 2026-04-16 N/A
The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network.
CVE-2005-0416 1 Microsoft 7 Windows 2000, Windows 2003 Server, Windows 98 and 4 more 2026-04-16 N/A
The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allows remote attackers to execute arbitrary code via the AnimationHeaderBlock length field, which leads to a stack-based buffer overflow.
CVE-2002-1325 1 Microsoft 8 Windows 2000, Windows 2000 Terminal Services, Windows 95 and 5 more 2026-04-16 N/A
Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows remote attackers to determine a local user's username via a Java applet that accesses the user.dir system property, aka "User.dir Exposure Vulnerability."
CVE-2005-1793 1 Microsoft 1 Windows 98se 2026-04-16 N/A
User32.DLL in Microsoft Windows 98SE, and possibly other operating systems, allows local and remote attackers to cause a denial of service (crash) via an icon (.ico) bitmap file with large width and height values.
CVE-2002-1183 1 Microsoft 3 Windows 98, Windows 98se, Windows Nt 2026-04-16 N/A
Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Flaw Could Enable Identity Spoofing" (CAN-2002-0862).
CVE-2001-0721 1 Microsoft 4 Windows 98, Windows 98se, Windows Me and 1 more 2026-04-16 N/A
Universal Plug and Play (UPnP) in Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service (memory consumption or crash) via a malformed UPnP request.
CVE-2004-0839 3 Avaya, Microsoft, Nortel 18 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 15 more 2026-04-16 N/A
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
CVE-2003-1048 1 Microsoft 8 Internet Explorer, Outlook, Windows 98 and 5 more 2026-04-16 7.8 High
Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.
CVE-2002-1258 1 Microsoft 8 Windows 2000, Windows 2000 Terminal Services, Windows 95 and 5 more 2026-04-16 N/A
Two vulnerabilities in Microsoft Virtual Machine (VM) up to and including build 5.0.3805, as used in Internet Explorer and other applications, allow remote attackers to read files via a Java applet with a spoofed location in the CODEBASE parameter in the APPLET tag, possibly due to a parsing error.
CVE-2005-1212 1 Microsoft 7 Windows 2000, Windows 2000 Terminal Services, Windows 2003 Server and 4 more 2026-04-16 N/A
Buffer overflow in Microsoft Step-by-Step Interactive Training (orun32.exe) allows remote attackers to execute arbitrary code via a bookmark link file (.cbo, cbl, or .cbm extension) with a long User field.
CVE-2004-0901 1 Microsoft 7 Windows 2000, Windows 2003 Server, Windows 98 and 4 more 2026-04-16 N/A
Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different vulnerability than CVE-2004-0571.
CVE-2004-0597 3 Greg Roelofs, Microsoft, Redhat 7 Libpng, Msn Messenger, Windows 98se and 4 more 2026-04-16 N/A
Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.