ReportizFlow
Filtered by vendor
Subscriptions
Total
29907 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2769 | 1 Inter7 | 1 Sqwebmail | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail containing tags with strings that contain ">" or other special characters, which is not properly sanitized by SqWebMail. | ||||
| CVE-2005-2777 | 1 Looking Glass | 1 Looking Glass | 2026-04-16 | N/A |
| Looking Glass 20040427 allows remote attackers to execute arbitrary commands via shell metacharacters in the DNS lookup query field. | ||||
| CVE-2003-0363 | 1 Licq | 1 Licq | 2026-04-16 | N/A |
| Format string vulnerability in LICQ 1.2.6, 1.0.3 and possibly other versions allows remote attackers to perform unknown actions via format string specifiers. | ||||
| CVE-2006-2651 | 1 Vacation Rentals | 1 Vacation Rental Script | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Vacation Rental Script 1.0 allows remote attackers to inject arbitrary web script or HTML via the obj parameter. | ||||
| CVE-2002-0418 | 1 Endymion | 1 Sake Mail | 2026-04-16 | N/A |
| Directory traversal vulnerability in the com.endymion.sake.servlet.mail.MailServlet servlet for Endymion SakeMail 1.0.36 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the param_name parameter. | ||||
| CVE-2005-2831 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-04-16 | N/A |
| Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127. | ||||
| CVE-2003-0388 | 2 Andrew Morgan, Redhat | 2 Linux Pam, Enterprise Linux | 2026-04-16 | N/A |
| pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use_uid option disabled, allows local users to spoof log entries and gain privileges by causing getlogin() to return a spoofed user name. | ||||
| CVE-2003-0404 | 1 Vignette | 3 Content Suite, Storyserver, Vignette | 2026-04-16 | N/A |
| Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, allow remote attackers to insert arbitrary HTML and script via text variables, as demonstrated using the errInfo parameter of the default login template. | ||||
| CVE-2005-2849 | 1 Barracuda Networks | 1 Barracuda Spam Firewall | 2026-04-16 | N/A |
| Argument injection vulnerability in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to (1) read portions of source code via the -f option to Dig (dig_device.cgi), (2) determine file existence via the -r argument to Tcpdump (tcpdump_device.cgi) or (3) modify files in the cgi-bin directory via the -w argument to Tcpdump. | ||||
| CVE-2005-2864 | 1 Urban | 1 Urban | 2026-04-16 | N/A |
| URBAN 1.5.3_1 allows local users to overwrite arbitrary files via a symlink attack on the (1) high score or (2) save game files. | ||||
| CVE-2006-2733 | 1 Mini-nuke | 1 Mini-nuke | 2026-04-16 | N/A |
| membership.asp in Mini-Nuke 2.3 and earlier uses plaintext security codes, which allows remote attackers to register multiple times via automated scripts. | ||||
| CVE-2006-2734 | 1 Mini-nuke | 1 Mini-nuke | 2026-04-16 | N/A |
| enter.asp in Mini-Nuke 2.3 and earlier makes it easier for remote attackers to conduct password guessing attacks by setting the guvenlik parameter to the same value as the hidden gguvenlik parameter, which bypasses a verification step because the gguvenlik parameter is assumed to be immutable by the attacker. | ||||
| CVE-2005-2877 | 1 Twiki | 1 Twiki | 2026-04-16 | N/A |
| The history (revision control) function in TWiki 02-Sep-2004 and earlier allows remote attackers to execute arbitrary code via shell metacharacters, as demonstrated via the rev parameter to TWikiUsers. | ||||
| CVE-2005-2884 | 1 Neocrome | 1 Land Down Under | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in events.php in Land Down Under (LDU) 801 and earlier allows remote attackers to inject arbitrary web script or HTML via the Description field in an event. | ||||
| CVE-2005-2885 | 1 Maxdev | 1 Md-pro | 2026-04-16 | N/A |
| The Downloads page in MAXdev MD-Pro 1.0.73, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which could allow remote attackers to bypass file extension checks and execute arbitrary commands by uploading a file with a different extension, as demonstrated using .inc files. | ||||
| CVE-2005-2886 | 1 Maxdev | 1 Md-pro | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro 1.0.73, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via (1) the print parameter to the print module, the sitename parameter to (2) bb_smilies or (3) bbcode_ref module, or (4) the hlpfile parameter to openwindow.php. | ||||
| CVE-2005-2888 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) Preview Release 2 allow remote attackers to execute arbitrary SQL commands via the (1) fid parameter to misc.php or (2) Content-Disposition field in the HTTP header to newreply.php. | ||||
| CVE-2005-2891 | 1 Csystems | 1 Webarchivex | 2026-04-16 | N/A |
| WebArchiveX.dll 5.5.0.76 installed before September 6th, 2005 is marked safe for scripting by default, which allows remote attackers to read or write to arbitrary files via the (1) MakeArchive or (2) MakeArchiveStr methods. | ||||
| CVE-2005-2902 | 1 Class-1 | 1 Class-1 Forum | 2026-04-16 | N/A |
| SQL injection vulnerability in class-1 Forum Software 0.24.4 allows remote attackers to execute arbitrary SQL commands and bypass the file extension check via SQL code in the file extension of an uploaded file. | ||||
| CVE-2006-2792 | 1 Woltlab | 1 Burning Board | 2026-04-16 | N/A |
| SQL injection vulnerability in misc.php in Woltlab Burning Board (WBB) 2.3.4 allows remote attackers to execute arbitrary SQL commands via the sid parameter. | ||||