Search Results (9580 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-2311 2 Microsoft, Opera Software 2 Internet Explorer, Opera Web Browser 2026-04-16 N/A
Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the severity of this issue.
CVE-2002-0013 2 Redhat, Snmp 3 Linux, Powertools, Snmp 2026-04-16 N/A
Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available.
CVE-2002-0012 2 Redhat, Snmp 3 Linux, Powertools, Snmp 2026-04-16 N/A
Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available.
CVE-2001-1371 1 Oracle 1 Application Server 2026-04-16 N/A
The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager.
CVE-2000-0219 1 Redhat 1 Linux 2026-04-16 N/A
Red Hat 6.0 allows local users to gain root access by booting single user and hitting ^C at the password prompt.
CVE-2001-0771 1 Spytech-web 1 Spyanywhere 2026-04-16 N/A
Spytech SpyAnywhere 1.50 allows remote attackers to gain administrator access via a single character in the "loginpass" field.
CVE-1999-0909 1 Microsoft 4 Terminal Server, Windows 95, Windows 98se and 1 more 2026-04-16 N/A
Multihomed Windows systems allow a remote attacker to bypass IP source routing restrictions via a malformed packet with IP options, aka the "Spoofed Route Pointer" vulnerability.
CVE-1999-0899 1 Microsoft 1 Windows Nt 2026-04-16 N/A
The Windows NT 4.0 print spooler allows a local user to execute arbitrary commands due to inappropriate permissions that allow the user to specify an alternate print provider.
CVE-1999-0839 1 Microsoft 1 Ie 2026-04-16 N/A
Windows NT Task Scheduler installed with Internet Explorer 5 allows a user to gain privileges by modifying the job after it has been scheduled.
CVE-2006-3011 1 Php 1 Php 2026-04-16 N/A
The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode.
CVE-2006-1524 1 Linux 1 Linux Kernel 2026-04-16 N/A
madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow file and mmap restrictions, which allows local users to bypass IPC permissions and replace portions of readonly tmpfs files with zeroes, aka the MADV_REMOVE vulnerability. NOTE: this description was originally written in a way that combined two separate issues. The mprotect issue now has a separate name, CVE-2006-2071.
CVE-1999-0728 1 Microsoft 1 Windows Nt 2026-04-16 N/A
A Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them.
CVE-2006-0700 1 Imagevue 1 Imagevue 2026-04-16 N/A
imageVue 16.1 allows remote attackers to obtain folder permission settings via a direct request to dir.php, which returns an XML document that lists folders and their permissions.
CVE-2006-0008 1 Microsoft 3 Office, Windows 2003 Server, Windows Xp 2026-04-16 N/A
The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.
CVE-2006-3443 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability."
CVE-2005-4089 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability."
CVE-2006-4136 1 Ibm 1 Websphere Application Server 2026-04-16 N/A
Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.1.0.1 have unspecified impact and attack vectors involving (1) "SOAP requests and responses", (2) mbean, (3) ThreadIdentitySupport, and possibly others.
CVE-1999-1383 2 Gnu, Tcsh 2 Bash, Tcsh 2026-04-16 N/A
(1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain privileges via directory names that contain shell metacharacters (` back-tick), which can cause the commands enclosed in the directory name to be executed when the shell expands filenames using the \w option in the PS1 variable.
CVE-2002-2270 1 Hp 1 Hp-ux 2026-04-16 N/A
Unspecified vulnerability in the ied command in HP-UX 10.10, 10.20, and 11.0 allows local users to view "normally invisible data" via unknown attack vectors.
CVE-2006-1726 1 Mozilla 3 Firefox, Seamonkey, Thunderbird 2026-04-16 N/A
Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the js_ValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox' ForEach method.