ReportizFlow
Filtered by vendor
Subscriptions
Total
29914 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2423 | 1 Swsoft | 1 Confixx | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in ftplogin/index.php in Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the login parameter. | ||||
| CVE-2006-2424 | 1 Ezusermanager | 1 Ezusermanager | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in ezUserManager 1.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the ezUserManager_Path parameter to ezusermanager_pwd_forgott.php, possibly due to an issue in ezusermanager_core.inc.php. | ||||
| CVE-2006-2427 | 1 Clam Anti-virus | 2 Clamav, Clamxav | 2026-04-16 | N/A |
| freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h and earlier does not drop privileges before processing the config-file command line option, which allows local users to read portions of arbitrary files when an error message displays the first line of the target file. | ||||
| CVE-2004-2427 | 1 Axis | 14 2100 Network Camera, 2110 Network Camera, 2120 Network Camera and 11 more | 2026-04-16 | N/A |
| Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi. | ||||
| CVE-2004-2441 | 1 Kerio | 1 Kerio Mailserver | 2026-04-16 | N/A |
| Unspecified vulnerability in Kerio MailServer before 6.0.3 has unknown impact and unknown remote attack vectors, related to a "potential security issue." | ||||
| CVE-2004-2448 | 2 Cassiopeia, Itransact | 2 S-mart Shopping Cart, Redicart | 2026-04-16 | N/A |
| S-Mart Shopping Cart or RediCart 3.9.5b stores smart.cfg under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the database name. | ||||
| CVE-2004-2453 | 1 Tutti Nova | 1 Tutti Nova | 2026-04-16 | N/A |
| Unknown vulnerability in Tutti Nova 0.10 through 0.12 (Beta) and 0.9.4, when register_globals is enabled, has unknown impact and attack vectors. | ||||
| CVE-2004-2463 | 1 Ada | 1 Imgsvr | 2026-04-16 | N/A |
| Buffer overflow in ADA Image Server (ImgSvr) 0.4 allows remote attackers to cause a denial of service (web server crash) or execute arbitrary code via a long GET request. | ||||
| CVE-2004-2465 | 1 Efs Software | 1 Easy Chat Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in chat.ghp in Easy Chat Server 1.2 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | ||||
| CVE-2004-2464 | 1 Ada | 1 Imgsvr | 2026-04-16 | N/A |
| Directory traversal vulnerability in ADA Image Server (ImgSvr) 0.4 allows remote attackers to read arbitrary files or list directories via hex-encoded "..//" sequences ("%2e%2e%2f%2f"). NOTE: it was later reported that 0.6.21 and earlier is also affected. | ||||
| CVE-2004-2477 | 1 Diamondcs | 1 Process Guard Free | 2026-04-16 | N/A |
| DiamondCS Process Guard Free 2.000 allows local users to disable the process guard protection system by overwriting the current Service Descriptor Table (SDT) in \device\physicalmemory with the original SDT found in ntoskrnl.exe. | ||||
| CVE-2004-2486 | 1 Dropbear Ssh Project | 1 Dropbear Ssh | 2026-04-16 | N/A |
| The DSS verification code in Dropbear SSH Server before 0.43 frees uninitialized variables, which might allow remote attackers to gain access. | ||||
| CVE-2004-2487 | 1 Nexgen | 1 Nexgen Ftp Server | 2026-04-16 | N/A |
| Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 allows remote authenticated users to read or list arbitrary files via (1) "..", (2) "\..\" (backslash dot dot), or (3) "/../" sequences in (a) RETR (get), (b) NLST (ls), (c) LIST (ls), (d) RNFR, or (e) RNTO FTP commands. | ||||
| CVE-2004-2504 | 1 Alt-n | 1 Mdaemon | 2026-04-16 | N/A |
| The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, executes child processes such as NOTEPAD.EXE with SYSTEM privileges when users create new files, which allows local users with physical access to gain privileges. | ||||
| CVE-2004-2514 | 1 Powerportal | 1 Powerportal | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in modules/private_messages/index.php in PowerPortal 1.x allows remote attackers to inject arbitrary web script or HTML via the (1) SUBJECT or (2) MESSAGE field. | ||||
| CVE-2006-2452 | 1 Gnome | 1 Gdm | 2026-04-16 | N/A |
| GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges. | ||||
| CVE-2004-2535 | 1 Matthew Phillips | 1 Sticker | 2026-04-16 | N/A |
| The person-to-person secure messaging feature in Sticker before 3.1.0 beta 2 allows remote attackers to post messages to unauthorized private groups by using the group's public encryption key. | ||||
| CVE-1999-0373 | 1 Debian | 1 Debian Linux | 2026-04-16 | N/A |
| Buffer overflow in the "Super" utility in Debian GNU/Linux, and other operating systems, allows local users to execute commands as root. | ||||
| CVE-2006-0927 | 2 Jgs-xa, Woltlab | 2 Jgs-gallery Addon, Burning Board | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the JGS-XA JGS-Gallery Addon 4.0.0 and earlier for Woltlab Burning Board (wBB) 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) userid parameter in (a) jgs_galerie_slideshow.php and (b) jgs_galerie_scroll.php, and the (2) katid parameter in (c) jgs_galerie_slideshow.php. | ||||
| CVE-2004-2540 | 1 Sun | 2 Jdk, Jre | 2026-04-16 | N/A |
| readObject in (1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.0 through 1.4.2_05 allows remote attackers to cause a denial of service (JVM unresponsive) via crafted serialized data. | ||||