ReportizFlow
Filtered by vendor
Subscriptions
Total
29902 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-3996 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2026-04-16 | N/A |
| SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) desc or (2) asc parameters. | ||||
| CVE-2002-0232 | 1 Mrtg | 1 Multi Router Traffic Grapher Cgi | 2026-04-16 | N/A |
| Directory traversal vulnerability in Multi Router Traffic Grapher (MRTG) allows remote attackers to read portions of arbitrary files via a .. (dot dot) in the cfg parameter for (1) 14all.cgi, (2) 14all-1.1.cgi, (3) traffic.cgi, or (4) mrtg.cgi. | ||||
| CVE-2006-4060 | 1 Web-scripts | 1 Visual Events Calendar | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in calendar.php in Visual Events Calendar 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_dir parameter. | ||||
| CVE-2006-4077 | 1 Comet | 1 Comet Webfile Manager | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in CheckUpload.php in Vincenzo Valvano Comet WebFileManager (CWFM) 0.9.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the Language parameter. | ||||
| CVE-2002-0236 | 1 Lucent | 5 Vitalanalysis, Vitalevent, Vitalhelp and 2 more | 2026-04-16 | N/A |
| Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and VitalHelp/VitalAnalysis, allows remote attackers to bypass authentication via a direct HTTP request to the VsSetCookie.exe program, which returns a valid cookie for the desired user. | ||||
| CVE-2002-0243 | 1 Opera Software | 1 Opera Web Browser | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in Opera 6.0 and earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed. | ||||
| CVE-2002-0244 | 1 Atheos | 1 Atheos | 2026-04-16 | N/A |
| Directory traversal vulnerability in chroot function in AtheOS 0.3.7 allows attackers to escape the jail via a .. (dot dot) in the pathname argument to chdir. | ||||
| CVE-2002-0246 | 1 Caldera | 1 Unixware | 2026-04-16 | N/A |
| Format string vulnerability in the message catalog library functions in UnixWare 7.1.1 allows local users to gain privileges by modifying the LC_MESSAGE environment variable to read other message catalogs containing format strings from setuid programs such as vxprint. | ||||
| CVE-2006-4121 | 1 See-commerce | 1 See-commerce | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in owimg.php3 in See-Commerce 1.0.625 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | ||||
| CVE-2006-4123 | 1 Boite De News | 1 Boite De News | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in boitenews4/index.php in Boite de News 4.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the url_index parameter. | ||||
| CVE-2002-0264 | 1 Cooolsoft | 1 Powerftp | 2026-04-16 | N/A |
| PowerFTP Personal FTP Server 2.03 through 2.10 stores sensitive account information in plaintext in the ftpserver.ini file, which allows attackers with access to the file to gain privileges. | ||||
| CVE-2002-0265 | 1 Sawmill | 1 Sawmill | 2026-04-16 | N/A |
| Sawmill for Solaris 6.2.14 and earlier creates the AdminPassword file with world-writable permissions, which allows local users to gain privileges by modifying the file. | ||||
| CVE-2006-4137 | 1 Ibm | 1 Websphere Application Server | 2026-04-16 | N/A |
| IBM WebSphere Application Server before 6.1.0.1 allows attackers to obtain sensitive information via unspecified vectors related to (1) the log file, (2) "script generated syntax on wsadmin command line," and (3) traces. | ||||
| CVE-2006-4160 | 1 Mvcnphp | 1 Mvcnphp | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Tony Bibbs and Vincent Furia MVCnPHP 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the glConf[path_library] parameter to (1) BaseCommand.php, (2) BaseLoader.php, and (3) BaseView.php. | ||||
| CVE-2002-0342 | 1 Kde | 1 K-mail | 2026-04-16 | N/A |
| Kmail 1.2 on KDE 2.1.1 allows remote attackers to cause a denial of service (crash) via an email message whose body is approximately 55 K long. | ||||
| CVE-2006-4190 | 1 Php-nuke | 1 Autohtml Module | 2026-04-16 | N/A |
| Directory traversal vulnerability in autohtml.php in the AutoHTML module for PHP-Nuke allows local users to include arbitrary files via a .. (dot dot) in the name parameter for a modload operation. | ||||
| CVE-2002-0345 | 1 Symantec | 1 Norton Ghost | 2026-04-16 | N/A |
| Symantec Ghost 7.0 stores usernames and passwords in plaintext in the NGServer\params registry key, which could allow an attacker to gain privileges. | ||||
| CVE-2006-4207 | 1 Bob Jewell | 1 Discloser | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Bob Jewell Discloser 0.0.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the fileloc parameter to (1) content/content.php or (2) /inc/indexhead.php. | ||||
| CVE-2002-0375 | 1 Ecometry | 1 Sgdynamo | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows remote attackers to execute arbitrary Javascript via a URL with the script in the HTNAME parameter. | ||||
| CVE-2006-4255 | 1 Horde | 2 Horde, Imp | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen. | ||||