ReportizFlow
Filtered by vendor
Subscriptions
Total
29885 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4320 | 1 Opensef Project | 1 Opensef | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in sef.php in the OpenSEF 2.0.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2004-1408 | 1 Singapore | 1 Image Gallery Web Application | 2025-04-03 | N/A |
| The addImage method for admin.class.php in Image Gallery Web Application 0.9.10 does not properly check filenames, which allows remote attackers to upload and execute arbitrary files. | ||||
| CVE-2004-1430 | 1 Ipbproarcade | 1 Ipbproarcade | 2025-04-03 | N/A |
| SQL injection vulnerability in the show_stats module in Arcade.php in IbProArcade allows remote attackers to execute arbitrary SQL code via the gameid parameter. | ||||
| CVE-2004-1429 | 1 Argosoft | 1 Ftp Server | 2025-04-03 | N/A |
| ArGoSoft FTP 1.4.2.4 and earlier does not limit the number of times that a bad password can be entered, which makes it easier for remote attackers to guess passwords via a brute force attack. | ||||
| CVE-2005-1976 | 1 Novell | 1 Netmail | 2025-04-03 | N/A |
| Novell NetMail 3.5.2a, 3.5.2b, and 3.5.2c, when running on Linux, sets the owner and group ID to 500 for certain files, which could allow users or groups with that ID to execute arbitrary code or cause a denial of service by modifying those files. | ||||
| CVE-2006-4346 | 1 Digium | 1 Asterisk | 2025-04-03 | N/A |
| Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the CALLERIDNAME variable. | ||||
| CVE-2006-4352 | 1 Cisco | 1 Content Services Switch 11000 | 2025-04-03 | N/A |
| The ArrowPoint cookie functionality for Cisco 11000 series Content Service Switches specifies an internal IP address if the administrator does not specify a string option, which allows remote attackers to obtain sensitive information. | ||||
| CVE-2005-1981 | 1 Microsoft | 2 Windows 2000, Windows 2003 Server | 2025-04-03 | N/A |
| Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message. | ||||
| CVE-2004-1578 | 1 Invision Power Services | 1 Invision Power Board | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Invision Power Board 2.0.0 allows remote attackers to execute arbitrary web script or HTML via the Referer field in the HTTP header. | ||||
| CVE-2006-4358 | 1 Dieselscripts | 1 Diesel Pay | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Diesel Pay allows remote attackers to inject arbitrary web script or HTML via the read parameter. | ||||
| CVE-2006-4365 | 1 Vistabb | 1 Vistabb | 2025-04-03 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in VistaBB 2.0.33 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) includes/functions_mod_user.php or (2) includes/functions_portal.php. | ||||
| CVE-2006-4366 | 1 Redblog | 1 Redblog | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in index.php in RedBLoG 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2004-1626 | 1 Code-crafters | 1 Ability Server | 2025-04-03 | N/A |
| Buffer overflow in Ability Server 2.34, and possibly other versions, allows remote attackers to execute arbitrary code via a long STOR command. | ||||
| CVE-2006-4368 | 1 Integramod | 1 Integramod Portal | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in includes/functions_portal.php in IntegraMOD Portal 2.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2006-4374 | 1 Irfanview | 1 Irfanview | 2025-04-03 | N/A |
| IrfanView 3.98 (with plugins) allows user-assisted attackers to cause a denial of service (application crash) via a crafted ANI image file, possibly due to a buffer overflow. | ||||
| CVE-2006-4377 | 1 Guder Und Koch Netzwerktechnik | 1 Eichhorn Portal | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in Guder und Koch Netzwerktechnik Eichhorn Portal allow remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly including the (1) profil_nr and (2) sprache parameters in the main portion of the portal, the (3) suchstring field in suchForm in the main portion of the portal, the (4) GaleryKey and (5) Breadcrumbs parameters in the gallerie module, and the (6) GGBNSaction parameter in the ggbns module. | ||||
| CVE-2005-3251 | 1 Gallery Project | 1 Gallery | 2025-04-03 | N/A |
| Directory traversal vulnerability in the gallery script in Gallery 2.0 (G2) allows remote attackers to read or include arbitrary files via ".." sequences in the g2_itemId parameter. | ||||
| CVE-2006-4388 | 1 Apple | 1 Quicktime | 2025-04-03 | N/A |
| Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix file. | ||||
| CVE-2005-1119 | 1 Todd Miller | 1 Sudo | 2025-04-03 | N/A |
| Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary files via a symlink attack on temporary files. | ||||
| CVE-2005-3256 | 1 Enigmail | 1 Enigmail | 2025-04-03 | N/A |
| The key selection dialogue in Enigmail before 0.92.1 can incorrectly select a key with a user ID that does not have additional information, which allows parties with that key to decrypt the message. | ||||