ReportizFlow
Filtered by vendor
Subscriptions
Total
29902 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4290 | 1 Sony | 1 Vaio Media Server | 2026-04-16 | N/A |
| Directory traversal vulnerability in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x before 20060626 allows remote attackers to gain sensitive information via unspecified vectors. | ||||
| CVE-2006-4300 | 1 8pixel.net | 1 Simple Blog | 2026-04-16 | N/A |
| SQL injection vulnerability in comments.asp in SimpleBlog 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-4303 | 1 Sun | 1 Solaris | 2026-04-16 | N/A |
| Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun Solaris 10 allows remote attackers to cause a denial of service ("tight loop" and CPU consumption for listener applications) via unknown vectors related to TCP fusion (do_tcp_fusion). | ||||
| CVE-2006-1003 | 1 Netgear | 1 Wgt624 | 2026-04-16 | N/A |
| The backup configuration option in NETGEAR WGT624 Wireless Firewall Router stores sensitive information in cleartext, which allows remote attackers to obtain passwords and gain privileges. | ||||
| CVE-2006-3286 | 1 Cisco | 1 Wireless Control System | 2026-04-16 | N/A |
| The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(63) stores a hard-coded username and password in plaintext within unspecified files, which allows remote authenticated users to access the database (aka bug CSCsd15951). | ||||
| CVE-2006-4305 | 2 Mysql, Sap-db | 2 Maxdb, Sap-db | 2026-04-16 | N/A |
| Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client. | ||||
| CVE-2006-1004 | 1 Cactusoft | 1 Parodia | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in agencyprofile.asp in Parodia 6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the AG_ID parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-1007 | 1 Nathan Landry | 1 N8cms Sitesuite Cms | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in N8cms 1.1 and 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) dir and (2) page_id parameter to index.php. | ||||
| CVE-2006-1013 | 1 Smartblog | 1 Smartblog | 2026-04-16 | N/A |
| PHP remote file include vulnerability in index.php in SMartBlog (aka SMBlog) 1.2 allows remote attackers to include and execute arbitrary PHP files via (1) the pg parameter and (2) a query string without a parameter. | ||||
| CVE-2006-1024 | 1 Addsoft | 1 Storebot | 2026-04-16 | N/A |
| SQL injection vulnerability in MgrLogin.asp in Addsoft StoreBot 2005 Professional allows remote attackers to execute arbitrary SQL commands via the Pwd parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-1027 | 1 Joomla | 1 Joomla | 2026-04-16 | N/A |
| feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 allows remote attackers to obtain sensitive information via a "/" (slash) in the feed parameter to index.php, which reveals the path in an error message. | ||||
| CVE-2005-2845 | 1 Ariba | 1 Ariba Spend Management Solutions | 2026-04-16 | N/A |
| Ariba Spend Management System sends the username and password to the server in plaintext in a POST request, which allows remote attackers to obtain sensitive information. | ||||
| CVE-2006-4315 | 1 Ssh | 4 Tectia Client, Tectia Connector, Tectia Manager and 1 more | 2026-04-16 | N/A |
| Unquoted Windows search path vulnerability in multiple SSH Tectia products, including Client/Server/Connector 5.0.0 and 5.0.1 and Client/Server before 4.4.5, and Manager 2.12 and earlier, when running on Windows, might allow local users to gain privileges via a malicious program file under "Program Files" or its subdirectories. | ||||
| CVE-2006-4322 | 1 Bits-dont-bite | 1 Estateagent | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in estateagent.php in the EstateAgent component (com_estateagent) for Mambo, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2005-3812 | 1 Freeftpd | 1 Freeftpd | 2026-04-16 | N/A |
| freeFTPd 1.0.10 allows remote authenticated users to cause a denial of service (null dereference and crash) via a PORT command with missing arguments. | ||||
| CVE-2005-2862 | 1 Road Runner | 1 Adsl Road Runner Modem | 2026-04-16 | N/A |
| ADSL Road Runner modem in the Annex A family has a service running on port 224, which allows remote attackers to login to the modem with a blank password and gain unauthorized access. | ||||
| CVE-2006-4332 | 1 Wireshark | 1 Wireshark | 2026-04-16 | N/A |
| Unspecified vulnerability in the DHCP dissector in Wireshark (formerly Ethereal) 0.10.13 through 0.99.2, when run on Windows, allows remote attackers to cause a denial of service (crash) via unspecified vectors that trigger a bug in Glib. | ||||
| CVE-2006-4336 | 2 Gzip, Redhat | 2 Gzip, Enterprise Linux | 2026-04-16 | N/A |
| Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted leaf count table that causes a write to a negative index. | ||||
| CVE-2006-1074 | 1 Jason Boettcher | 1 Liero Xtreme | 2026-04-16 | N/A |
| Jason Boettcher Liero Xtreme 0.62b and earlier allow remote attackers to cause a denial of service (application crash or hang) via a long argument to the connect command. | ||||
| CVE-2005-2914 | 1 Linksys | 1 Wrt54g | 2026-04-16 | N/A |
| ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, does not use an authentication initialization function, which allows remote attackers to obtain encrypted configuration information and, if the key is known, modify the configuration. | ||||