ReportizFlow
Filtered by vendor
Subscriptions
Total
29894 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2169 | 1 Best Practical Solutions | 1 Request Tracker | 2026-04-16 | N/A |
| RT: Request Tracker 3.5.HEAD allows remote attackers to obtain sensitive information via the Rows parameter in Dist/Display.html, which reveals the installation path in an error message. | ||||
| CVE-2006-2117 | 1 Extrosoft | 1 Thyme | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the search page. | ||||
| CVE-2006-2115 | 1 Sws | 1 Sws Simple Web Server | 2026-04-16 | N/A |
| Format string vulnerability in SWS web Server 0.1.7 allows remote attackers to execute arbitrary code via unspecified vectors that are not properly handled in a syslog function call. | ||||
| CVE-2005-2428 | 1 Ibm | 1 Lotus Domino | 2026-04-16 | N/A |
| Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696. | ||||
| CVE-2004-0578 | 1 Qbik | 1 Wingate | 2026-04-16 | N/A |
| WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions such as 5.0.5, allows remote attackers to read arbitrary files via leading slash (//) characters in a URL request to the wingate-internal directory. | ||||
| CVE-2002-1948 | 1 Gringotts | 1 Gringotts | 2026-04-16 | N/A |
| Multiple buffer overflows in Gringotts 0.5.9 allows local users to execute arbitrary commands via unknown attack vectors. | ||||
| CVE-2002-1936 | 1 Utstarcom | 1 Bas 1000 | 2026-04-16 | N/A |
| UTStarcom BAS 1000 3.1.10 creates several default or back door accounts and passwords, which allows remote attackers to gain access via (1) field account with a password of "*field", (2) guru account with a password of "*3noguru", (3) snmp account with a password of "snmp", or (4) dbase account with a password of "dbase". | ||||
| CVE-2002-1934 | 1 Pingtel | 1 Xpressa | 2026-04-16 | N/A |
| Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 2.0.1 leaks sensitive information during boot-up, which allows attackers to obtain the MD5 hash of the Admin password, MD5 hash of the physical password, and other registration information. | ||||
| CVE-2002-1931 | 1 Php Arena | 1 Pafiledb | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in PHP Arena paFileDB 1.1.3 and 2.1.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the search string. | ||||
| CVE-2002-1930 | 1 An | 1 An-httpd | 2026-04-16 | N/A |
| Buffer overflow in AN HTTPd 1.38 through 1.4.1c allows remote attackers to execute arbitrary code via a SOCKS4 request with a long username. | ||||
| CVE-2002-1926 | 1 Aquonics Scripting | 1 Aquonics File Manager | 2026-04-16 | N/A |
| Directory traversal vulnerability in source.php in Aquonics File Manager 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP query string. | ||||
| CVE-2006-2047 | 1 Application Dynamics | 1 Cartweaver Coldfusion | 2026-04-16 | N/A |
| Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allows remote attackers to obtain sensitive information via an invalid (1) secondary, (2) PageNum_Results, (3) category, or (4) keywords parameter in (a) Results.cfm; or an invalid (5) ProdID parameter in (b) Details.cfm; which reveal the path in various error messages. NOTE: the behavior for the category, keywords, and ProdID parameters might be resultant from SQL injection. | ||||
| CVE-2006-2033 | 1 Corenews | 1 Corenews | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in Core CoreNews 2.0.1 and earlier allows remote authenticated users to execute arbitrary commands via the show parameter. NOTE: this is a different vector than CVE-2006-1212, although it might be the same primary issue. | ||||
| CVE-2006-2029 | 1 Simplog | 1 Simplog | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) tid parameter in (a) preview.php; the (2) cid, (3) pid, and (4) eid parameters in (b) archive.php; and the (5) pid parameter in (c) comments.php. | ||||
| CVE-2002-1504 | 1 Radiobird Software | 1 Webserver 4 Everyone | 2026-04-16 | N/A |
| Directory traversal vulnerability in WebServer 4 Everyone 1.22 allows remote attackers to read arbitrary files via "..\" (dot-dot backslash) sequences in a URL. | ||||
| CVE-2006-2015 | 1 Web-provence | 1 Sl Site | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in SL_site 1.0 allows remote attackers to inject arbitrary web script or HTML via the recherche parameter in recherche.php. NOTE: other XSS vectors, as reported in the original disclosure, are resultant from other primary vulnerabilities that have separate CVE names. | ||||
| CVE-2006-2007 | 1 Winny | 1 Winny | 2026-04-16 | N/A |
| Heap-based buffer overflow in Winny 2.0 b7.1 and earlier allows remote attackers to execute arbitrary code via long strings to certain commands sent to the file transfer port. | ||||
| CVE-2006-1986 | 1 Apple | 1 Safari | 2026-04-16 | N/A |
| Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via a large CELLSPACING attribute in a TABLE tag, which triggers an error in KWQListIteratorImpl::KWQListIteratorImpl. | ||||
| CVE-2006-1945 | 1 Awstats | 1 Awstats | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the config parameter. NOTE: this might be the same core issue as CVE-2005-2732. | ||||
| CVE-2005-0380 | 1 Zeroboard | 1 Zeroboard | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in (1) print_category.php, (2) login.php, (3) setup.php, (4) ask_password.php, or (5) error.php in ZeroBoard 4.1pl5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the dir parameter to reference a URL on a remote web server that contains the code. | ||||