Search Results (25564 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4138 1 Microsoft 1 Help File Viewer 2026-04-16 N/A
Multiple unspecified vulnerabilities in Microsoft Windows Help File viewer (winhlp32.exe) allow user-assisted attackers to execute arbitrary code via crafted HLP files.
CVE-2001-0151 1 Microsoft 1 Internet Information Services 2026-04-16 N/A
IIS 5.0 allows remote attackers to cause a denial of service via a series of malformed WebDAV requests.
CVE-2001-0508 1 Microsoft 1 Internet Information Services 2026-04-16 N/A
Vulnerability in IIS 5.0 allows remote attackers to cause a denial of service (restart) via a long, invalid WebDAV request.
CVE-2001-0902 1 Microsoft 1 Internet Information Services 2026-04-16 N/A
Microsoft IIS 5.0 allows remote attackers to spoof web log entries via an HTTP request that includes hex-encoded newline or form-feed characters.
CVE-2002-1182 1 Microsoft 1 Internet Information Services 2026-04-16 N/A
IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned.
CVE-2005-2224 1 Microsoft 1 Asp.net 2026-04-16 N/A
aspnet_wp.exe in Microsoft ASP.NET web services allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a crafted SOAP message to an RPC/Encoded method.
CVE-2006-4868 1 Microsoft 5 Internet Explorer, Outlook, Windows 2000 and 2 more 2026-04-16 N/A
Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag.
CVE-2006-4888 1 Microsoft 1 Ie 2026-04-16 N/A
Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT.
CVE-1999-0285 1 Microsoft 1 Windows Nt 2026-04-16 N/A
Denial of service in telnet from the Windows NT Resource Kit, by opening then immediately closing a connection.
CVE-1999-0385 1 Microsoft 1 Exchange Server 2026-04-16 N/A
The LDAP bind function in Exchange 5.5 has a buffer overflow that allows a remote attacker to conduct a denial of service or execute commands.
CVE-1999-0448 1 Microsoft 1 Internet Information Server 2026-04-16 N/A
IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
CVE-1999-0506 1 Microsoft 2 Windows 2000, Windows Nt 2026-04-16 N/A
A Windows NT domain user or administrator account has a default, null, blank, or missing password.
CVE-1999-0726 1 Microsoft 2 Windows 2000, Windows Nt 2026-04-16 N/A
An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header.
CVE-2006-4534 1 Microsoft 1 Office 2026-04-16 N/A
Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo.
CVE-2006-4560 1 Microsoft 1 Ie 2026-04-16 N/A
Internet Explorer 6 on Windows XP SP2 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running.
CVE-2006-4627 1 Microsoft 1 System Information Activex Control 2026-04-16 N/A
System Information ActiveX control (msinfo.dll), when accessed via Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via a SaveFile function with a long (1) computer and possibly (2) filename and (3) category argument.
CVE-2006-4732 1 Microsoft 1 Visual Basic 2026-04-16 N/A
Unspecified vulnerability in Microsoft Visual Basic (VB) 6 has an unknown impact ("overflow") via a project that contains a certain Click event procedure, as demonstrated using the msgbox function and the VB.Label object.
CVE-2006-4777 1 Microsoft 1 Ie 2026-04-16 N/A
Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations in arguments to the KeyFrame method, possibly related to an integer overflow, as demonstrated by daxctle2, and a different vulnerability than CVE-2006-4446.
CVE-2006-4446 1 Microsoft 1 Ie 2026-04-16 N/A
Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points.
CVE-2006-4465 1 Microsoft 1 Terminal Server 2026-04-16 N/A
Microsoft Terminal Server, when running an application session with the "Start program at logon" and "Override settings from user profile and Client Connection Manager wizard" options, allows local users to execute arbitrary code by forcing an Explorer error. NOTE: a third-party researcher has stated that the options are "a convenience to users" and were not intended to restrict execution of arbitrary code