ReportizFlow
Filtered by vendor
Subscriptions
Total
29902 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2955 | 1 Kaphotoservice | 1 Kaphotoservice | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice 7.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) New Category (newcategory) or (2) apage parameter to (a) edtalbum.asp, or the (3) cat or (4) albumid parameter to (b) album.asp. | ||||
| CVE-2005-2343 | 1 Rim | 3 Blackberry, Blackberry Desktop Manager, Blackberry Device Software | 2026-04-16 | N/A |
| Research in Motion (RIM) BlackBerry Handheld web browser for BlackBerry Handheld before 4.0.2 allows remote attackers to cause a denial of service (hang) via a Java Application Description (JAD) file with a long application name and vendor string, which prevents a browser dialog from being properly dismissed. | ||||
| CVE-2006-2956 | 1 Skoom | 1 I.list | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in i.List 1.5 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) searchword parameter to search.php or (2) siteurl parameter to add.php. | ||||
| CVE-2006-2969 | 1 L0j1k | 1 Tinymuw | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in L0j1k tinyMuw 0.1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the input box in quickchat.php, and possibly other manipulations. | ||||
| CVE-2005-2380 | 1 Php Surveyor | 1 Php Surveyor | 2026-04-16 | N/A |
| Multiple cross-site scripting vulnerabilities in PHP Surveyor 0.98 allow remote attackers to inject arbitrary web script or HTML via the (1) sid, (2) start, and (3) id parameters to browse.php, or the sid parameter to (4) dataentry.php or (5) export.php. | ||||
| CVE-2005-2382 | 1 Oray | 1 Peanuthull | 2026-04-16 | N/A |
| Oray PeanutHull 3.0.1.0 and earlier does not properly drop SYSTEM privileges when launched from the system tray, which allows local users to gain privileges by accessing the Help functionality. | ||||
| CVE-2005-2386 | 1 Elemental Software | 1 Cartwiz | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ 1.20 allows remote attackers to inject arbitrary web script or HTML via the message parameter. | ||||
| CVE-2006-2970 | 1 L0j1k | 1 Tinymuw | 2026-04-16 | N/A |
| videoPage.php in L0j1k tinyMuw 0.1.0 allows remote attackers to obtain sensitive information via a certain id parameter, probably with an invalid value, which reveals the path in an error message. | ||||
| CVE-2006-2971 | 1 Overkill | 1 Overkill | 2026-04-16 | N/A |
| Integer overflow in the recv_packet function in 0verkill 0.16 allows remote attackers to cause a denial of service (daemon crash) via a UDP packet with fewer than 12 bytes, which results in a long length value to the crc32 function. | ||||
| CVE-2005-2393 | 1 Cutephp | 1 Cutenews | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remote attackers to inject arbitrary web script or HTML via (1) the lastusername parameter to index.php or (2) selected_search_arch parameter to search.php. | ||||
| CVE-2005-2394 | 1 Cutephp | 1 Cutenews | 2026-04-16 | N/A |
| show_news.php in CuteNews 1.3.6 allows remote attackers to obtain the full path of the server via an invalid archive parameter. | ||||
| CVE-2006-2972 | 1 Arantius | 1 Vice Stats | 2026-04-16 | N/A |
| SQL injection vulnerability in vs_resource.php in Arantius Vice Stats 0.5b and 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | ||||
| CVE-2005-2395 | 1 Mozilla | 1 Firefox | 2026-04-16 | N/A |
| Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the strongest authentication scheme available as required by RFC2617, which might cause credentials to be sent in plaintext even if an encrypted channel is available. | ||||
| CVE-2005-2398 | 1 Php Surveyor | 1 Php Surveyor | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in PHP Surveyor 0.98 allows remote attackers to execute arbitrary SQL commands via (1) the sid, start, and id parameters to browse.php, the sid parameter to (2) dataentry.php, (3) export.php, (4) admin.php, (5) conditions.php, (6) spss.php, (7) deletesurvey.php, (8) dumpsurvey.php, or (9) statistics.php, or the lid parameter to (10) labels.php or (11) dumplabel.php. | ||||
| CVE-2006-0991 | 1 Veritas | 1 Netbackup | 2026-04-16 | N/A |
| Buffer overflow in the NetBackup Sharepoint Services server daemon (bpspsserver) on NetBackup 6.0 for Windows allows remote attackers to execute arbitrary code via crafted "Request Service" packets to the vnetd service (TCP port 13724). | ||||
| CVE-2005-2399 | 1 Php Surveyor | 1 Php Surveyor | 2026-04-16 | N/A |
| PHP Surveyor 0.98 allows remote attackers to trigger SQL errors via missing parameters to (1) browse.php, (2) export.php, (3) conditions.php, or (4) spss.php. | ||||
| CVE-2005-2400 | 1 Phpfinance | 1 Phpfinance | 2026-04-16 | N/A |
| The inc.login.php scripts in PHPFinance 0.3 allows remote attackers to bypass the login and gain privileges. | ||||
| CVE-2005-2404 | 1 Sendcard | 1 Sendcard | 2026-04-16 | N/A |
| SQL injection vulnerability in sendcard.php in Sendcard 3.2.3 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-2976 | 1 Coppermine | 1 Coppermine Photo Gallery | 2026-04-16 | N/A |
| Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery before 1.4.7 has unknown impact and remote attack vectors, possibly related to authorization/authentication errors. | ||||
| CVE-2006-2988 | 1 Chemical Dictionary | 1 Chemical Dictionary | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in dictionary.php in Chemical Dictionary allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a browse action. | ||||