ReportizFlow
Filtered by vendor
Subscriptions
Total
29909 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6964 | 1 Mailenable | 1 Mailenable Professional | 2026-04-23 | N/A |
| MailEnable Professional before 1.78 provides a cleartext user password when an administrator edits the user's settings, which allows remote authenticated administrators to obtain sensitive information by viewing the HTML source. | ||||
| CVE-2007-1553 | 1 Guestbara | 1 Guestbara | 2026-04-23 | N/A |
| admin/configuration.php in Guestbara 1.2 and earlier allows remote attackers to modify the e-mail, name, and password of the admin account by setting the zapis parameter to "ok" and providing modified admin_mail, login, and pass parameters. | ||||
| CVE-2006-6538 | 1 D-link | 1 Dwl-2000ap\+ | 2026-04-23 | N/A |
| D-LINK DWL-2000AP+ firmware 2.11 allows remote attackers to cause (1) a denial of service (device reset) via a flood of ARP replies on the wired or wireless (radio) link and (2) a denial of service (device crash) via a flood of ARP requests on the wireless link. | ||||
| CVE-2006-7015 | 1 Jobline | 1 Jobline | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in admin.jobline.php in Jobline 1.1.1 allows remote attackers to execute arbitrary code via a URL in the mosConfig_absolute_path parameter. NOTE: CVE disputes this issue because the script is protected against direct requests | ||||
| CVE-2006-6612 | 1 Phpmycms | 1 Phpmycms | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in basic.inc.php in PhpMyCms 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the basepath_start parameter. | ||||
| CVE-2006-7134 | 1 Noah Spurrier | 1 Upload Tool For Php | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in main_user.php in Upload Tool for PHP 1.0 allows remote attackers to upload and execute arbitrary files with executable extensions such as .php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-7140 | 1 Sun | 2 Solaris, Sunos | 2026-04-23 | N/A |
| The libike library, as used by in.iked, elfsign, and kcfd in Sun Solaris 9 and 10, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents libike from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339. | ||||
| CVE-2006-7158 | 1 Oracle | 1 Apex | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Oracle Application Express (APEX) before 2.2.1, aka Oracle HTML DB, allows remote attackers to inject arbitrary web script or HTML via the NOTIFICATION_MSG parameter. NOTE: it is likely that this issue overlaps one of the identifiers in CVE-2006-5351. | ||||
| CVE-2006-7159 | 2 Bti-tracker, Btitracker | 2 Bti-tracker, Btitracker | 2026-04-23 | N/A |
| Directory traversal vulnerability in include/prune_torrents.php in BTI-Tracker 1.3.2 (aka btitracker) allows remote attackers to delete arbitrary files via ".." sequences in the TORRENTSDIR parameter in a prune action. | ||||
| CVE-2006-7173 | 1 Php-stats | 1 Php-stats | 2026-04-23 | N/A |
| Direct static code injection vulnerability in admin.php in PHP-Stats 0.1.9.1b and earlier allows remote attackers to execute arbitrary PHP code via a crafted option_new[report_w_day] parameter in a preferenze action, which can be later accessed via option/php-stats-options.php. | ||||
| CVE-2006-7182 | 1 Mnews | 1 Mnews | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in noticias.php in MNews 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter. | ||||
| CVE-2006-7234 | 2 Lynx, Redhat | 2 Lynx, Enterprise Linux | 2026-04-23 | N/A |
| Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory. | ||||
| CVE-2007-0001 | 1 Redhat | 1 Enterprise Linux | 2026-04-23 | N/A |
| The file watch implementation in the audit subsystem (auditctl -w) in the Red Hat Enterprise Linux (RHEL) 4 kernel 2.6.9 allows local users to cause a denial of service (kernel panic) by replacing a watched file, which does not cause the watch on the old inode to be dropped. | ||||
| CVE-2006-6077 | 3 Mozilla, Netscape, Redhat | 3 Firefox, Navigator, Enterprise Linux | 2026-04-23 | N/A |
| The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password. | ||||
| CVE-2006-6090 | 1 Baalasp | 1 Smart Form Portal | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in BaalAsp forum allow remote attackers to execute arbitrary SQL commands via the (1) password parameter to (a) adminlogin.asp, the (2) name or (3) password parameter to (b) userlogin.asp, or the (3) search parameter to search.asp. | ||||
| CVE-2007-0165 | 1 Sun | 2 Solaris, Sunos | 2026-04-23 | N/A |
| Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind. | ||||
| CVE-2007-0171 | 1 Allmylinks Project | 1 Allmylinks | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in AllMyLinks 0.5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AML_opensite parameter. | ||||
| CVE-2007-0184 | 1 Getahead | 1 Direct Web Remoting | 2026-04-23 | N/A |
| Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks. | ||||
| CVE-2006-6902 | 1 Microsoft | 1 Windows 2003 Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the Bluetooth stack in Microsoft Windows Mobile Pocket PC edition allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors. | ||||
| CVE-2007-0357 | 1 Fritzdsl | 1 Fritzdsl | 2026-04-23 | N/A |
| Directory traversal vulnerability in the AVM IGD CTRL Service in Fritz!DSL 02.02.29 allows remote attackers to read arbitrary files via ..%5C (URL-encoded dot dot backslash) sequences in a URI requested from the AR7 webserver. | ||||