Search Results (287 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-7034 9 Apple, Hp, Ibm and 6 more 18 Mac Os X, Hp-ux, Tru64 and 15 more 2026-04-23 N/A
SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter.
CVE-2006-7037 2 Mathsoft, Microsoft 9 Mathcad, Windows 2000, Windows 2003 Server and 6 more 2026-04-23 N/A
Mathcad 12 through 13.1 allows local users to bypass the security features by directly accessing or editing the XML representation of the worksheet with a text editor or other program, which allows attackers to (1) bypass password protection by replacing the password field with a hash of a known password, (2) modify timestamps to avoid detection of modifications, (3) remove locks by removing the "is-locked" attribute, and (4) view locked data, which is stored in plaintext.
CVE-2007-6026 1 Microsoft 6 Jet, Office, Windows 2000 and 3 more 2026-04-23 N/A
Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944.
CVE-2008-2674 4 Fujitsu, Microsoft, Redhat and 1 more 11 Interstage Application Server Enterprise, Interstage Application Server Plus, Interstage Application Server Plus Developer and 8 more 2026-04-23 N/A
Unspecified vulnerability in the Interstage Management Console, as used in Fujitsu Interstage Application Server 6.0 through 9.0.0A, Apworks Modelers-J 6.0 through 7.0, and Studio 8.0.1 and 9.0.0, allows remote attackers to read or delete arbitrary files via unspecified vectors.
CVE-2008-3018 1 Microsoft 4 Office, Office Converter Pack, Windows Nt and 1 more 2026-04-23 N/A
Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file, aka the "Malformed PICT Filter Vulnerability," a different vulnerability than CVE-2008-3021.
CVE-2007-1727 4 Hp, Linux, Microsoft and 1 more 7 Hp-ux, Openview Network Node Manager, Linux Kernel and 4 more 2026-04-23 N/A
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, 7.50, and 7.51 allows remote authenticated users to access certain privileged "facilities" via unspecified vectors.
CVE-2008-2427 4 Freebsd, Microsoft, Pagesperso-orange and 1 more 6 Freebsd, Windows Nt, Gfl Sdk and 3 more 2026-04-23 N/A
Stack-based buffer overflow in NConvert 4.92, GFL SDK 2.82, and XnView 1.93.6 on Windows and 1.70 on Linux and FreeBSD allows user-assisted remote attackers to execute arbitrary code via a crafted format keyword in a Sun TAAC file.
CVE-2006-7030 1 Microsoft 8 Ie, Windows 2000, Windows 2003 Server and 5 more 2026-04-23 N/A
Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via certain malformed HTML, possibly involving applet and base tags without required arguments, which triggers a null pointer dereference in mshtml.dll.
CVE-2007-1912 1 Microsoft 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more 2026-04-23 N/A
Heap-based buffer overflow in Microsoft Windows allows user-assisted remote attackers to have an unknown impact via a crafted .HLP file.
CVE-2008-2841 2 Microsoft, Xchat 3 Internet Explorer, Windows Nt, Xchat 2026-04-23 N/A
Argument injection vulnerability in XChat 2.8.7b and earlier on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary commands via the --command parameter in an ircs:// URI.
CVE-2006-7039 2 Atrium Software, Microsoft 9 Mercur Messaging 2005, Windows 2000, Windows 2003 Server and 6 more 2026-04-23 N/A
The IMAP4 service in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (crash) via a message with a long subject field.
CVE-2002-0367 1 Microsoft 2 Windows 2000, Windows Nt 2026-04-16 7.8 High
smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.
CVE-2004-0210 1 Microsoft 3 Interix, Windows 2000, Windows Nt 2026-04-16 7.8 High
The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
CVE-1999-0824 1 Microsoft 1 Windows Nt 2026-04-16 N/A
A Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders accessed by later users.
CVE-1999-0519 1 Microsoft 4 Outlook, Windows 2000, Windows 95 and 1 more 2026-04-16 N/A
A NETBIOS/SMB share password is the default, null, or missing.
CVE-1999-0728 1 Microsoft 1 Windows Nt 2026-04-16 N/A
A Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them.
CVE-1999-0701 1 Microsoft 1 Windows Nt 2026-04-16 N/A
After an unattended installation of Windows NT 4.0, an installation file could include sensitive information such as the local Administrator password.
CVE-1999-0505 1 Microsoft 2 Windows 2000, Windows Nt 2026-04-16 N/A
A Windows NT domain user or administrator account has a guessable password.
CVE-1999-0278 1 Microsoft 2 Internet Information Server, Windows Nt 2026-04-16 N/A
In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL.
CVE-1999-0700 1 Microsoft 2 Windows 2000, Windows Nt 2026-04-16 N/A
Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini file.