ReportizFlow
Filtered by vendor
Subscriptions
Total
29889 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-1602 | 1 Net56 | 1 File Manager | 2025-04-03 | N/A |
| SQL injection vulnerability in login.asp for Net56 Browser Based File Manager 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the password field. | ||||
| CVE-1999-1400 | 1 The Economist | 1 The Economist 1999 Screen Saver | 2025-04-03 | N/A |
| The Economist screen saver 1999 with the "Password Protected" option enabled allows users with physical access to the machine to bypass the screen saver and read files by running Internet Explorer while the screen is still locked. | ||||
| CVE-2004-1836 | 1 Invision Power Services | 1 Invision Power Top Site List | 2025-04-03 | N/A |
| SQL injection vulnerability in index.php in Invision Power Top Site List 1.1 RC 2 and earlier allows remote attackers to execute arbitrary SQL via the id parameter of the comments action. | ||||
| CVE-2006-4528 | 1 Membrepass | 1 Membrepass | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in membrepass 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) recherche parameter in recherchemembre.php and the (2) email parameter in test.php. | ||||
| CVE-1999-1415 | 1 Digital | 1 Ultrix | 2025-04-03 | N/A |
| Vulnerability in /usr/bin/mail in DEC ULTRIX before 4.2 allows local users to gain privileges. | ||||
| CVE-1999-1430 | 1 Royal | 1 Davinci | 2025-04-03 | N/A |
| PIM software for Royal daVinci does not properly password-protext access to data stored in the .mdb (Microsoft Access) file, which allows local users to read the data without a password by directly accessing the files with a different application, such as Access. | ||||
| CVE-2004-1942 | 1 Sun | 1 Patch Manager | 2025-04-03 | N/A |
| The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 through 114342-05, prevent ypserv and ypxfrd from properly restricting access to secure NIS maps, which allows local users to use ypcat or ypmatch to extract the contents of a secure map such as passwd.adjunct.byname. | ||||
| CVE-2006-1407 | 1 Webhost Automation | 1 Helm Web Hosting Control Panel | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) txtDomainName parameter to domains.asp or (2) SearchText or (3) UserLevel parameters to default.asp. | ||||
| CVE-2006-1410 | 1 Xigla | 1 Absolute Live Support Xe | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in XIGLA Absolute Live Support XE 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Screen name or (2) Session Topic field. | ||||
| CVE-2005-1612 | 1 Openbb | 1 Openbb | 2025-04-03 | N/A |
| SQL injection vulnerability in read.php in Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to execute arbitrary SQL commands via the TID parameter. | ||||
| CVE-2006-1451 | 1 Apple | 1 Mac Os X | 2025-04-03 | N/A |
| MySQL Manager in Apple Mac OS X 10.3.9 and 10.4.6, when setting up a new MySQL database server, does not use the "New MySQL root password" that is provided, which causes the MySQL root password to be blank and allows local users to gain full privileges to that database. | ||||
| CVE-2006-1455 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | N/A |
| QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to cause a denial of service (crash and connection interruption) via a QuickTime movie with a missing track, which triggers a null dereference. | ||||
| CVE-2004-2504 | 1 Alt-n | 1 Mdaemon | 2025-04-03 | N/A |
| The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, executes child processes such as NOTEPAD.EXE with SYSTEM privileges when users create new files, which allows local users with physical access to gain privileges. | ||||
| CVE-2004-2494 | 1 Code-crafters | 1 Ability Mail Server | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in _error in Ability Mail Server 1.18 allows remote attackers to inject arbitrary web script or HTML via the erromsg parameter. | ||||
| CVE-2006-1466 | 1 Apple | 2 Mac Os X, Xcode | 2025-04-03 | N/A |
| Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects plugin, allows remote attackers to access or modify WebObjects projects through a network service. | ||||
| CVE-2004-2540 | 1 Sun | 2 Jdk, Jre | 2025-04-03 | N/A |
| readObject in (1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.0 through 1.4.2_05 allows remote attackers to cause a denial of service (JVM unresponsive) via crafted serialized data. | ||||
| CVE-2006-1478 | 1 Turnkey Web Tools | 1 Php Live Helper | 2025-04-03 | N/A |
| Directory traversal vulnerability in (1) initiate.php and (2) possibly other PHP scripts in Turnkey Web Tools PHP Live Helper 1.8, and possibly later versions, allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the language cookie, as demonstrated by uploading PHP code in a gl_session cookie to users.php, which causes the code to be stored in error.log, which is then included by initiate.php. | ||||
| CVE-2004-2556 | 1 Netgear | 1 Wg602 | 2025-04-03 | N/A |
| NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and 1.5.67 has a hardcoded account of username "super" and password "5777364", which allows remote attackers to modify the configuration. | ||||
| CVE-1999-0013 | 1 Ssh | 1 Ssh | 2025-04-03 | 8.4 High |
| Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user. | ||||
| CVE-2004-2620 | 1 Paul L Daniels | 1 Ripmime | 2025-04-03 | N/A |
| The MIMEH_read_headers function in ripMIME 1.3.1.0 does not properly handle trailing "\r" and "\n" characters in headers, which leads to a buffer underflow. | ||||