Search Results (363099 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4776 1 Cisco 1 Ios 2026-04-16 N/A
Heap-based buffer overflow in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to execute arbitrary code via a long VLAN name in a VTP type 2 summary advertisement.
CVE-2004-0389 1 Realnetworks 1 Helix Universal Server 2026-04-16 7.5 High
RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote attackers to cause a denial of service (crash) via malformed requests that trigger a null dereference, as demonstrated using (1) GET_PARAMETER or (2) DESCRIBE requests.
CVE-2002-0628 1 Polycom 8 Viewstation 128, Viewstation 512, Viewstation Dcp and 5 more 2026-04-16 7.5 High
The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login attempts, which makes it easier for remote attackers to guess usernames and passwords via a brute force attack.
CVE-2004-0392 1 Kame 1 Racoon 2026-04-16 N/A
racoon before 20040407b allows remote attackers to cause a denial of service (infinite loop and dropped connections) via an IKE message with a malformed Generic Payload Header containing invalid (1) "Security Association Next Payload" and (2) "RESERVED" fields.
CVE-2002-0629 1 Polycom 8 Viewstation 128, Viewstation 512, Viewstation Dcp and 5 more 2026-04-16 N/A
The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via multiple connections to the server.
CVE-2002-0630 1 Polycom 8 Viewstation 128, Viewstation 512, Viewstation Dcp and 5 more 2026-04-16 N/A
The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via long or malformed ICMP packets.
CVE-2002-0637 1 Trend Micro 1 Interscan Viruswall 2026-04-16 N/A
InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass virus protection via e-mail messages with headers that violate RFC specifications by having (or missing) space characters in unexpected places (aka "space gap"), such as (1) Content-Type :", (2) "Content-Transfer-Encoding :", (3) no space before a boundary declaration, or (4) "boundary= ", which is processed by Outlook Express.
CVE-2004-0404 1 Psionic 1 Logcheck 2026-04-16 N/A
logcheck before 1.1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary directory in /var/tmp.
CVE-2002-0638 3 Hp, Mandrakesoft, Redhat 6 Secure Os, Mandrake Linux, Mandrake Linux Corporate Server and 3 more 2026-04-16 N/A
setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.
CVE-2002-0641 1 Microsoft 2 Msde, Sql Server 2026-04-16 N/A
Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query.
CVE-2002-0643 1 Microsoft 2 Data Engine, Sql Server 2026-04-16 N/A
The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encrypted passwords, to gain privileges, aka "SQL Server Installation Process May Leave Passwords on System."
CVE-2002-0644 1 Microsoft 2 Data Engine, Sql Server 2026-04-16 N/A
Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows members of the db_owner and db_ddladmin roles to execute arbitrary code.
CVE-2002-0648 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
The legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file.
CVE-2002-0650 1 Microsoft 1 Sql Server 2026-04-16 N/A
The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop.
CVE-2002-0652 1 Sgi 1 Irix 2026-04-16 N/A
xfsmd for IRIX 6.5 through 6.5.16 allows remote attackers to execute arbitrary code via shell metacharacters that are not properly filtered from several calls to the popen() function, such as export_fs().
CVE-2002-0654 1 Apache 1 Http Server 2026-04-16 N/A
Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
CVE-2004-0411 2 Kde, Redhat 2 Konqueror, Enterprise Linux 2026-04-16 N/A
The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code.
CVE-2006-4780 1 Phpbbxs 1 Phpbb Xs 2026-04-16 N/A
PHP remote file inclusion vulnerability in includes/functions.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2002-0659 4 Apple, Openssl, Oracle and 1 more 8 Mac Os X, Openssl, Application Server and 5 more 2026-04-16 N/A
The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.
CVE-2002-0660 2 Greg Roelofs, Redhat 4 Libpng, Libpng3, Enterprise Linux and 1 more 2026-04-16 N/A
Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 1.2.1-1.1.woody.2 on Debian GNU/Linux 3.0, and other operating systems, may allow attackers to cause a denial of service and possibly execute arbitrary code, a different vulnerability than CVE-2002-0728.