ReportizFlow
Filtered by vendor
Subscriptions
Total
29914 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-2474 | 1 Phpnews | 1 Phpnews | 2026-04-16 | N/A |
| SQL injection vulnerability in PHPNews 1.2.3 allows remote attackers to execute arbitrary SQL commands via the mid parameter to sendtofriend.php. | ||||
| CVE-2004-2553 | 1 The Ignition Project | 1 Ignitionserver | 2026-04-16 | N/A |
| The Ignition Project ignitionServer 0.1.2 through 0.1.2-R2 allows remote authenticated users with local IRC operator privileges to obtain global IRC operator privileges by using the unofficial umode command with the +ORD argument. | ||||
| CVE-2004-2562 | 1 Leigh Business Enterprises | 1 Web Helpdesk | 2026-04-16 | N/A |
| SQL injection vulnerability in jobedit.asp in Leigh Business Enterprises (LBE) Web Helpdesk before 4.0.0.81 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2004-2615 | 1 Cutephp | 1 Cutenews | 2026-04-16 | N/A |
| The documentation for CuteNews 1.3.6 and possibly other versions specifies that files under cutenews/data must be manually given world-writable permissions, which allows local users to insert false news, delete news, and possibly gain privileges or have other unknown impact. | ||||
| CVE-2004-2668 | 1 Interchange Development Group | 1 Interchange | 2026-04-16 | N/A |
| SQL injection vulnerability in Interchange before 4.8.9 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | ||||
| CVE-2006-0801 | 1 Postnuke Software Foundation | 1 Postnuke | 2026-04-16 | N/A |
| SQL injection vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is off, allows remote attackers to execute arbitrary SQL commands via the language parameter to admin.php. | ||||
| CVE-2004-2317 | 1 Mbedthis Software | 1 Mbedthis Appweb Http Server | 2026-04-16 | N/A |
| Information leak in Mbedthis AppWeb HTTP server 1.0 through 1.1.2 allows remote attackers to obtain sensitive information via a user message that is generated when Mbedthis denies access. | ||||
| CVE-2005-1299 | 1 Inserter.cgi | 1 Inserter.cgi | 2026-04-16 | N/A |
| The inserter.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. | ||||
| CVE-2005-1320 | 1 Horde | 1 Mnemo | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | ||||
| CVE-2005-1968 | 1 Early Impact | 1 Productcart | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in ProductCart Ecommerce before 2.7 allows remote attackers to inject arbitrary web script or HTML via the error parameter to techErr.asp. | ||||
| CVE-2005-1998 | 1 Mcgallery | 1 Mcgallery | 2026-04-16 | N/A |
| Directory traversal vulnerability in admin.php in McGallery 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter. | ||||
| CVE-2005-2076 | 1 Hp | 1 Version Control Repository Manager | 2026-04-16 | N/A |
| HP Version Control Repository Manager (VCRM) before 2.1.1.730 does not properly handle the "@" character in a proxy password, which could allow attackers with physical access to obtain portions of the password when it is displayed to the screen. | ||||
| CVE-2005-1041 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| The fib_seq_start function in fib_hash.c in Linux kernel allows local users to cause a denial of service (system crash) via /proc/net/route. | ||||
| CVE-2005-2093 | 1 Oracle | 1 Application Server | 2026-04-16 | N/A |
| Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Application Server to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | ||||
| CVE-2002-0103 | 1 Oracle | 1 Application Server Web Cache | 2026-04-16 | N/A |
| An installer program for Oracle9iAS Web Cache 2.0.0.x creates executable and configuration files with insecure permissions, which allows local users to gain privileges by (1) running webcached or (2) obtaining the administrator password from webcache.xml. | ||||
| CVE-2002-0104 | 1 Aftpd | 1 Aftpd | 2026-04-16 | N/A |
| AFTPD 5.4.4 allows remote attackers to gain sensitive information via a CD (CWD) ~ (tilde) command, which causes a core dump. | ||||
| CVE-2005-2218 | 1 Freebsd | 1 Freebsd | 2026-04-16 | N/A |
| The device file system (devfs) in FreeBSD 5.x does not properly check parameters of the node type when creating a device node, which makes hidden devices available to attackers, who can then bypass restrictions on a jailed process. | ||||
| CVE-2002-0114 | 1 Emc | 1 Networker | 2026-04-16 | N/A |
| EMC NetWorker (formerly Legato NetWorker) before 7.0 stores passwords in plaintext in the daemon.log file, which allows local users to gain privileges by reading the password from the file. NOTE: this was originally reported for Legato NetWorker 6.1 on the Solaris 7 platform. | ||||
| CVE-2005-2251 | 1 Secure Reality | 1 Phpsecurepages | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in secure.php in PHPSecurePages (phpSP) 0.28beta and earlier allows remote attackers to execute arbitrary code via the cfgProgDir parameter, a variant of CVE-2001-1468. | ||||
| CVE-2002-0118 | 1 Infopop | 1 Ultimate Bulletin Board | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.2.0 Beta Release 1.0 allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag. | ||||