ReportizFlow
Filtered by vendor
Subscriptions
Total
29907 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-0337 | 1 Realnetworks | 1 Realplayer | 2026-04-16 | N/A |
| RealPlayer 8 allows remote attackers to cause a denial of service (CPU utilization) via malformed .mp3 files. | ||||
| CVE-2004-0775 | 1 Widcomm | 2 Bluetooth Communication Software, Btstackserver | 2026-04-16 | N/A |
| Buffer overflow in WIDCOMM Bluetooth Connectivity Software, as used in products such as BTStackServer 1.3.2.7 and 1.4.2.10, Windows XP and Windows 98 with MSI Bluetooth Dongles, and HP IPAQ 5450 running WinCE 3.0, allows remote attackers to execute arbitrary code via certain service requests. | ||||
| CVE-2004-2315 | 1 Mbedthis Software | 1 Mbedthis Appweb Http Server | 2026-04-16 | N/A |
| Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to cause a denial of service (crash) via an empty OPTIONS request. | ||||
| CVE-2006-1804 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-16 | N/A |
| SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sql_query parameter. | ||||
| CVE-2002-0393 | 1 Red-m | 1 1050ap Lan Acess Point | 2026-04-16 | N/A |
| Buffer overflow in Red-M 1050 (Bluetooth Access Point) management web interface allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long administration password. | ||||
| CVE-2002-0412 | 1 Luca Deri | 1 Ntop | 2026-04-16 | N/A |
| Format string vulnerability in TraceEvent function for ntop before 2.1 allows remote attackers to execute arbitrary code by causing format strings to be injected into calls to the syslog function, via (1) an HTTP GET request, (2) a user name in HTTP authentication, or (3) a password in HTTP authentication. | ||||
| CVE-2002-0417 | 1 Endymion | 1 Mailman Webmail | 2026-04-16 | N/A |
| Directory traversal vulnerability in Endymion MailMan before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the ALTERNATE_TEMPLATES parameter for various mmstdo*.cgi programs. | ||||
| CVE-2005-3903 | 1 Sco | 1 Unixware | 2026-04-16 | N/A |
| Buffer overflow in uidadmin in SCO Unixware 7.1.3 and 7.1.4 allows local users to execute arbitrary code via a -S (scheme) argument that specifies a large file, a different vulnerability than CVE-2001-1063. | ||||
| CVE-2002-0479 | 1 Gravity Storm Software | 1 Service Pack Manager 2000 | 2026-04-16 | N/A |
| Gravity Storm Service Pack Manager 2000 creates a hidden share (SPM2000c$) mapped to the C drive, which may allow local users to bypass access restrictions on certain directories in the C drive, such as system32, by accessing them through the hidden share. | ||||
| CVE-2004-2384 | 1 Nullsoft | 1 Winamp | 2026-04-16 | N/A |
| NullSoft Winamp 5.02 allows remote attackers to cause a denial of service (crash) by creating a file with a long filename, which causes the victim's player to crash when the file is opened from the command line. | ||||
| CVE-2002-1092 | 1 Cisco | 1 Vpn 3000 Concentrator Series Software | 2026-04-16 | N/A |
| Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, when configured to use internal authentication with group accounts and without any user accounts, allows remote VPN clients to log in using PPTP or IPSEC user authentication. | ||||
| CVE-2005-4243 | 1 Quickpaypro | 1 Quickpaypro | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) popupid parameter in popups.edit.php; (2) so, (3) sb, and (4) nr parameters in customer.tickets.view.php; (5) subrackingid parameter in subscribers.tracking.edit.php; (6) delete parameter in design.php; (7) trackingid parameter in tracking.details.php; and (8) customerid parameter in sales.view.php. | ||||
| CVE-2002-1481 | 1 Phpgb | 1 Phpgb | 2026-04-16 | N/A |
| savesettings.php in phpGB 1.20 and earlier does not require authentication, which allows remote attackers to cause a denial of service or execute arbitrary PHP code by using savesettings.php to modify config.php. | ||||
| CVE-2004-2393 | 1 Sun | 1 Jsse | 2026-04-16 | N/A |
| Java Secure Socket Extension (JSSE) 1.0.3 through 1.0.3_2 does not properly validate the certificate chain of a client or server, which allows remote attackers to falsely authenticate peers for SSL/TLS. | ||||
| CVE-2004-0814 | 3 Linux, Redhat, Ubuntu | 3 Linux Kernel, Enterprise Linux, Ubuntu Linux | 2026-04-16 | N/A |
| Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x before 2.6.9, allow (1) local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread, or (2) remote attackers to cause a denial of service (panic) by switching from console to PPP line discipline, then quickly sending data that is received during the switch. | ||||
| CVE-2005-4286 | 1 Phplogcon | 1 Phplogcon | 2026-04-16 | N/A |
| Unspecified vulnerability in PhpLogCon before 1.2.2 allows remote attackers to use arbitrary profiles via unknown vectors involving "'smart' values for userid and password," probably involving an SQL injection vulnerability in the (1) pass and (2) usr parameters in submit.php. | ||||
| CVE-2004-0881 | 3 Gentoo, Getmail, Slackware | 3 Linux, Getmail, Slackware Linux | 2026-04-16 | N/A |
| getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir. | ||||
| CVE-2005-4366 | 1 Fad Solutions | 1 Drzes Hms | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote attackers to execute arbitrary SQL commands via the (1) plan_id parameter to (a) domains.php, (b) viewusage.php, (c) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php, (g) pass_dirs.php, (h) zone_files.php, (i) htaccess.php, and (j) software.php; (2) the customerPlanID parameter to viewplan.php; (3) the ref_id parameter to referred_plans.php; (4) customerPlanID parameter to listcharges.php; and (5) the domain parameter to (k) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php, (g) pass_dirs.php, (h) zone_files.php, (i) htaccess.php, and (j) software.php. NOTE: the viewinvoice.php invoiceID vector is already covered by CVE-2005-4137. | ||||
| CVE-2005-4433 | 1 Esselbach Internet Solutions | 1 Esselbach Storyteller Cms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Esselbach Storyteller CMS 1.8 allows remote attackers to inject arbitrary web script or HTML via the query parameter, which is used by the Search field. | ||||
| CVE-2005-4481 | 1 Polopoly | 1 Polopoly | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Polopoly 9 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. NOTE: the vendor has disputed this vulnerability, stating that the "XSS flaw was only part of the custom implementation of the [polopoly] site". As of 20061003, CVE has no further information on this issue, except that the original researcher has a history of testing live sites and assuming that discoveries indicate vulnerabilities in the associated package | ||||