ReportizFlow
Filtered by vendor
Subscriptions
Total
29885 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2405 | 1 Unclassified Newsboard | 1 Unclassified Newsboard | 2025-04-03 | N/A |
| Directory traversal vulnerability in unb_lib/abbc.conf.php in Unclassified NewsBoard (UNB) 1.6.1 patch 1 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing null byte (%00) in the ABBC[Config][smileset] parameter to unb_lib/abbc.css.php. | ||||
| CVE-2005-0353 | 1 Safenet | 1 Sentinel License Manager | 2025-04-03 | N/A |
| Buffer overflow in the Sentinel LM (Lservnt) service in the Sentinel License Manager 7.2.0.2 allows remote attackers to execute arbitrary code by sending a large amount of data to UDP port 5093. | ||||
| CVE-2006-2477 | 1 Bitrix | 1 Bitrix Site Manager | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the administrative interface Bitrix Site Manager 4.1.x allows remote attackers to inject arbitrary web script or HTML via unspecified inputs. | ||||
| CVE-2004-0915 | 2 Debian, Viewcvs | 2 Debian Linux, Viewcvs | 2025-04-03 | N/A |
| Multiple unknown vulnerabilities in viewcvs before 0.9.2, when exporting a repository as a tar archive, does not properly implement the hide_cvsroot and forbidden settings, which could allow remote attackers to gain sensitive information. | ||||
| CVE-2006-2525 | 1 Usebb | 1 Usebb | 2025-04-03 | N/A |
| SQL injection vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to execute arbitrary SQL commands via the member list search module. | ||||
| CVE-2004-0521 | 3 Redhat, Sgi, Squirrelmail | 3 Enterprise Linux, Propack, Squirrelmail | 2025-04-03 | N/A |
| SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php. | ||||
| CVE-2002-0923 | 1 Cgiscript.net | 1 Csnews | 2025-04-03 | N/A |
| CGIScript.net csNews.cgi allows remote authenticated users to read arbitrary files, and possibly gain privileges, via the (1) pheader or (2) pfooter parameters in the "Advanced Settings" capability. | ||||
| CVE-2004-0540 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | N/A |
| Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain. | ||||
| CVE-2006-2546 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| A recommended admin password reset mechanism for BEA WebLogic Server 8.1, when followed before October 10, 2005, causes the administrator password to be stored in cleartext in the domain directory, which could allow attackers to gain privileges. | ||||
| CVE-2006-2574 | 1 Hp | 1 Hp-ux | 2025-04-03 | N/A |
| Multiple unspecified vulnerabilities in Software Distributor in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allow local users to gain privileges via unspecified attack vectors. | ||||
| CVE-2002-0929 | 1 Novell | 1 Netware | 2025-04-03 | N/A |
| Buffer overflows in the DHCP server for NetWare 6.0 SP1 allow remote attackers to cause a denial of service (reboot) via long DHCP requests. | ||||
| CVE-2004-0917 | 1 Vignette | 1 Application Portal | 2025-04-03 | N/A |
| The default installation of Vignette Application Portal installs the diagnostic utility without authentication requirements, which allows remote attackers to gain sensitive information, such as server and OS version, and conduct unauthorized activities via an HTTP request to /diag. | ||||
| CVE-2006-2588 | 1 Russcom Network | 1 Phpimages | 2025-04-03 | N/A |
| Russcom PHPImages allows remote attackers to upload files of arbitrary types by uploading a file with a .gif extension. NOTE: due to lack of specific information about attack vectors do not depend on the existence of another vulnerability, it is not clear whether this is a vulnerability. | ||||
| CVE-2002-0944 | 1 Deepmetrix | 1 Livestats | 2025-04-03 | N/A |
| Cross-site scripting vulnerability in DeepMetrix LiveStats 5.03 through 6.2.1 allows remote attackers to execute arbitrary script as the LiveStats user via the (1) user-agent or (2) referrer, which are not filtered by the stats program. | ||||
| CVE-2006-2712 | 1 Secure Elements | 1 Class 5 Enterprise Vulnerability Management | 2025-04-03 | N/A |
| Secure Elements Class 5 AVR (aka C5 EVM) client and server before 2.8.1 do not verify the integrity of a message digest, which allows remote attackers to modify and replay messages. | ||||
| CVE-2006-2727 | 1 Epic Designs | 1 Eggblog | 2025-04-03 | N/A |
| home/register.php in Eggblog before 3.0 allows remote attackers to change the password of administrators and possibly other users via a modified username parameter. | ||||
| CVE-2006-2730 | 1 Hot Open Tickets | 1 Hot Open Tickets | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in admin/lib_action_step.php in Hot Open Tickets (HOT) 11012004_ver2f, when register_globals is enabled, allows remote attackers to include arbitrary files via the GLOBALS[CLASS_PATH] parameter. NOTE: this issue might be resultant from a global overwrite vulnerability. | ||||
| CVE-2005-0523 | 1 Prozilla | 1 Prozilla Download Accelerator | 2025-04-03 | N/A |
| Format string vulnerability in ProZilla 1.3.7.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the Location header. | ||||
| CVE-2006-2736 | 1 Phpbb-portal | 1 Blend Portal | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in blend_data/blend_common.php in Blend Portal 1.2.0, as used with phpBB when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: This is a similar vulnerability to CVE-2006-2507. | ||||
| CVE-2006-2737 | 1 Nukedit | 1 Nukedit | 2025-04-03 | N/A |
| utilities/register.asp in Nukedit 4.9.6 and earlier allows remote attackers to create new users as part of arbitrary groups, including the administrative group, via a modified groupid parameter when creating a user via the addDB action. | ||||