Search Results (9581 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-0049 1 Microsoft 1 Exchange Server 2026-04-16 N/A
Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.
CVE-2002-0013 2 Redhat, Snmp 3 Linux, Powertools, Snmp 2026-04-16 N/A
Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available.
CVE-2004-2699 1 Aspdotnetstorefront 1 Aspdotnetstorefront 2026-04-16 N/A
deleteicon.aspx in AspDotNetStorefront 3.3 allows remote attackers to delete arbitrary product images via a modified ProductID parameter.
CVE-2002-0012 2 Redhat, Snmp 3 Linux, Powertools, Snmp 2026-04-16 N/A
Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available.
CVE-2001-1009 2 Fetchmail, Redhat 2 Fetchmail, Linux 2026-04-16 N/A
Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as part of a response to a LIST request.
CVE-2001-0771 1 Spytech-web 1 Spyanywhere 2026-04-16 N/A
Spytech SpyAnywhere 1.50 allows remote attackers to gain administrator access via a single character in the "loginpass" field.
CVE-2006-1735 2 Mozilla, Redhat 5 Firefox, Mozilla Suite, Seamonkey and 2 more 2026-04-16 N/A
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XBL method binding (XBL.method.eval) to create Javascript functions that are compiled with extra privileges.
CVE-2004-2713 1 Zonelabs 1 Zonealarm 2026-04-16 N/A
Zone Alarm Pro 1.0 through 5.1 gives full access to %windir%\Internet Logs\* to the EVERYONE group, which allows local users to cause a denial of service by modifying the folder contents or permissions. NOTE: this issue has been disputed by the vendor, who claims that it does not affect product functionality since the same information is also saved in a protected file
CVE-1999-1011 1 Microsoft 4 Data Access Components, Index Server, Internet Information Server and 1 more 2026-04-16 N/A
The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.
CVE-1999-0227 1 Microsoft 1 Windows Nt 2026-04-16 N/A
Access violation in LSASS.EXE (LSA/LSARPC) program in Windows NT allows a denial of service.
CVE-2004-2718 1 Php Heaven 1 Phpmychat 2026-04-16 N/A
PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to obtain sensitive information including database passwords via a direct request.
CVE-2004-2729 1 Hummingbird 1 Connectivity 2026-04-16 N/A
Inetd32 Administration Tool of Hummingbird Connectivity 7.1 and 9.0 allows local users to execute arbitrary code by changing the program for handling incoming connections.
CVE-2006-3443 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability."
CVE-2004-2694 1 Microsoft 1 Outlook Express 2026-04-16 N/A
Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE HREF" with the target set to "_top".
CVE-2006-0023 1 Microsoft 1 Windows Xp 2026-04-16 N/A
Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit.
CVE-2005-4217 1 Apple 1 Mac Os X Server 2026-04-16 N/A
Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges when using the "$<" variable to set uid, which allows attackers to gain privileges.
CVE-2005-4093 1 Checkpoint 2 Secureclient Ng, Vpn-1 Secureclient 2026-04-16 N/A
Check Point VPN-1 SecureClient NG with Application Intelligence R56, NG FP1, 4.0, and 4.1 allows remote attackers to bypass security policies by modifying the local copy of the local.scv policy file after it has been downloaded from the VPN Endpoint.
CVE-2005-4089 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability."
CVE-2004-2730 1 Microsoft 11 Psexec, Psgetsid, Psinfo and 8 more 2026-04-16 N/A
Sysinternals PsTools before 2.05, including (1) PsExec before 1.54, (2) PsGetsid before 1.41, (3) PsInfo before 1.61, (4) PsKill before 1.03, (5) PsList before 1.26, (6) PsLoglist before 2.51, (7) PsPasswd before 1.21, (8) PsService before 2.12, (9) PsSuspend before 1.05, and (10) PsShutdown before 2.32, does not properly disconnect from remote IPC$ and ADMIN$ shares, which allows local users to access the shares with elevated privileges by using the existing share mapping.
CVE-2005-3273 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
The rose_rt_ioctl function in rose_route.c for Radionet Open Source Environment (ROSE) in Linux 2.6 kernels before 2.6.12, and 2.4 before 2.4.29, does not properly verify the ndigis argument for a new route, which allows attackers to trigger array out-of-bounds errors with a large number of digipeats.