ReportizFlow
Filtered by vendor
Subscriptions
Total
29911 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-4461 | 1 Beehive Forum | 1 Beehive Forum | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in Beehive Forum 0.6.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user_sess parameter. | ||||
| CVE-2006-0106 | 1 Wine | 1 Wine | 2026-04-16 | N/A |
| gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other versions, implement the SETABORTPROC GDI Escape function call for Windows Metafile (WMF) files, which allows attackers to execute arbitrary code, the same vulnerability as CVE-2005-4560 but in a different codebase. | ||||
| CVE-2006-0130 | 1 Rockliffe | 1 Mailsite | 2026-04-16 | N/A |
| Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlier allows remote attackers to attempt authentication with an unlimited number of user account names and passwords without denying connections, limiting the rate of connections, or locking out an account. | ||||
| CVE-2006-0148 | 1 Netsarang | 1 Xlpd | 2026-04-16 | N/A |
| NetSarang Xlpd 2.1 allows remote attackers to cause a denial of service (crash) via a large number of connections from the same IP address. | ||||
| CVE-2000-0604 | 1 Redhat | 1 Linux | 2026-04-16 | N/A |
| gkermit in Red Hat Linux is improperly installed with setgid uucp, which allows local users to modify files owned by uucp. | ||||
| CVE-2006-0293 | 1 Mozilla | 1 Firefox | 2026-04-16 | N/A |
| The function allocation code (js_NewFunction in jsfun.c) in Firefox 1.5 allows attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via user-defined methods that trigger garbage collection in a way that operates on freed objects. | ||||
| CVE-2005-4627 | 2 Gfhost, Gmailsite | 2 Gfhost, Gmailsite | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in (1) GmailSite 1.0 through 1.0.4 and (2) GFHost 0.1.1 through 0.4.2 allows remote attackers to inject arbitrary web script or HTML via the lng parameter. | ||||
| CVE-2005-4631 | 1 Ryan Lath | 1 Zina | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in Zina 0.12.07 and earlier allows remote attackers to execute arbitrary SQL commands via the p parameter. | ||||
| CVE-2006-0313 | 1 Pdfdirectory | 1 Pdfdirectory | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in PDFdirectory before 1.0 allow remote attackers to execute arbitrary SQL commands via multiple unspecified vectors involving (1) util.php, (2) userpref.php, (3) user.php, (4) uploadfrm.php, (5) title.php, (6) team.php, (7) stats.php, (8) page.php, (9) org.php, (10) member.php, (11) index.php, (12) group.php, or (13) anniv.php. | ||||
| CVE-2006-0328 | 1 Philippe Jounin | 1 Tftpd32 | 2026-04-16 | N/A |
| Format string vulnerability in Tftpd32 2.81 allows remote attackers to cause a denial of service via format string specifiers in a filename in a (1) GET or (2) SEND request. | ||||
| CVE-2005-4651 | 1 Alstrasoft | 1 Epay | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the pmodule parameter. | ||||
| CVE-2006-0363 | 1 Microsoft | 1 Msn Messenger | 2026-04-16 | N/A |
| The "Remember my Password" feature in MSN Messenger 7.5 stores passwords in an encrypted format under the HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Creds registry key, which might allow local users to obtain the original passwords via a program that calls CryptUnprotectData, as demonstrated by the "MSN Password Recovery.exe" program. NOTE: it could be argued that local-only password recovery is inherently insecure because the decryption methods and keys must be stored somewhere on the local system, and are thus inherently accessible with varying degrees of effort. Perhaps this issue should not be included in CVE. | ||||
| CVE-2006-0368 | 1 Cisco | 1 Call Manager | 2026-04-16 | N/A |
| Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allow remote attackers to (1) cause a denial of service (CPU and memory consumption) via a large number of open TCP connections to port 2000 and (2) cause a denial of service (fill the Windows Service Manager communication queue) via a large number of TCP connections to port 2001, 2002, or 7727. | ||||
| CVE-2006-0371 | 1 Noah Medling | 1 Rcblog | 2026-04-16 | N/A |
| Directory traversal vulnerability in index.php in Noah Medling RCBlog 1.03 allows remote attackers to read arbitrary .txt files, possibly including one that stores the administrator's account name and password, via a .. (dot dot) in the post parameter. | ||||
| CVE-2006-0405 | 1 Libtiff | 1 Libtiff | 2026-04-16 | N/A |
| The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a NULL pointer dereference, possibly due to changes in type declarations and/or the TIFFVSetField function. | ||||
| CVE-2005-3769 | 1 Php Download Manager | 1 Php Download Manager | 2026-04-16 | N/A |
| SQL injection vulnerability in files.php in PHP Download Manager 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. | ||||
| CVE-2006-0421 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when creating multiple domains from the same WebLogic instance on the same machine, allows administrators of any created domain to access other created domains, which could allow administrators to gain privileges that were not intended. | ||||
| CVE-2006-0050 | 1 Debian | 1 Debian Linux | 2026-04-16 | N/A |
| snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary log file. | ||||
| CVE-2006-0098 | 1 Openbsd | 1 Openbsd | 2026-04-16 | N/A |
| The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 3.7 and 3.8 allows local users to re-open arbitrary files by using setuid programs to access file descriptors using /dev/fd/. | ||||
| CVE-2006-0552 | 1 Oracle | 12 10g Enterprise Manager Grid Control, Application Server, Collaboration Suite and 9 more | 2026-04-16 | N/A |
| Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, and 9.2.0.7 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB11. | ||||