ReportizFlow
Filtered by vendor
Subscriptions
Total
29922 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0172 | 1 Hummingbird | 1 Enterprise Collaboration | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the file manager utility in Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to inject arbitrary web script or HTML in an uploaded page, which is published without a check for hostile scripting. | ||||
| CVE-2006-0202 | 1 Paypal | 1 Php Toolkit | 2026-04-16 | N/A |
| Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier has (1) world-readable permissions for ipn/logs/ipn_success.txt, which allows local users to view sensitive information (payment data), and (2) world-writable permissions for ipn/logs, which allows local users to delete or replace payment data. | ||||
| CVE-2006-2326 | 1 Onlyscript.info | 1 Online Universal Payment System Script | 2026-04-16 | N/A |
| Directory traversal vulnerability in index.php in OnlyScript.info Online Universal Payment System Script allows remote attackers to read arbitrary files via directory traversal sequences in the read parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-2334 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2026-04-16 | N/A |
| The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software. | ||||
| CVE-2005-3073 | 1 Interchange Development Group | 1 Interchange | 2026-04-16 | N/A |
| Unspecified vulnerability in Interchange 5.0.1 allows attackers 4.9.3, 5.0 before 5.0.2, and 5.2, when a catalog has been created using the (1) "mike", (2) "standard", or (3) "foundation" demo, allows attackers to inject Interchange Tag Language (ITL) elements into the forum/submit.html page. | ||||
| CVE-2005-3075 | 1 Mpc-donkey | 1 Zengaia | 2026-04-16 | N/A |
| SQL injection vulnerability in Zengaia before 0.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | ||||
| CVE-2005-3081 | 1 Wzdftpd | 1 Wzdftpd | 2026-04-16 | N/A |
| wzdftpd 0.5.4 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the SITE command. | ||||
| CVE-2005-3084 | 1 Sony | 1 Playstation Portable | 2026-04-16 | N/A |
| Buffer overflow in the TIFF library in the Photo Viewer for Sony PSP 2.0 firmware allows remote attackers to cause a denial of service via a crafted TIFF image. | ||||
| CVE-2005-2566 | 1 Openbb | 1 Openbb | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) allow remote attackers to execute arbitrary SQL commands via the (1) FID parameter to board.php or (2) UID parameter to member.php. | ||||
| CVE-2005-3086 | 1 Contentserv | 1 Contentserv | 2026-04-16 | N/A |
| Directory traversal vulnerability in admin/about.php in contentServ 3.1 allows remote attackers to read or include arbitrary files via ".." sequences in the ctsWebsite parameter. | ||||
| CVE-2006-2436 | 1 Ibm | 1 Websphere Application Server | 2026-04-16 | N/A |
| WebSphere Application Server 5.0.2 (or any earlier cumulative fix) stores admin and LDAP passwords in plaintext in the FFDC logs when a login to WebSphere fails, which allows attackers to gain privileges. | ||||
| CVE-2006-2472 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| Unspecified vulnerability in BEA WebLogic Server 9.1 and 9.0, 8.1 through SP5, 7.0 through SP6, and 6.1 through SP7 allows untrusted applications to obtain private server keys. | ||||
| CVE-2006-0404 | 1 Mike Macgirvin | 1 Note-a-day Weblog | 2026-04-16 | N/A |
| Note-A-Day Weblog 2.2 stores sensitive data under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to archive/.phpass-admin, which contains encrypted passwords. | ||||
| CVE-2006-0423 | 1 Oracle | 1 Weblogic Portal | 2026-04-16 | N/A |
| BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS Authentication provider in cleartext in the config.xml file, which allows attackers to gain privileges. | ||||
| CVE-2005-3107 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| fs/exec.c in Linux 2.6, when one thread is tracing another thread that shares the same memory map, might allow local users to cause a denial of service (deadlock) by forcing a core dump when the traced thread is in the TASK_TRACED state. | ||||
| CVE-2005-3111 | 1 Debian | 1 Backupninja | 2026-04-16 | N/A |
| The handler code for backupninja 0.8 and earlier creates temporary files with predictable filenames, which allows local users to modify arbitrary files via a symlink attack. | ||||
| CVE-2006-0452 | 1 Redhat | 2 Directory Server, Fedora Core | 2026-04-16 | N/A |
| dn2ancestor in the LDAP component in Fedora Directory Server 1.0 allows remote attackers to cause a denial of service (CPU and memory consumption) via a ModDN operation with a DN that contains a large number of "," (comma) characters, which results in a large amount of recursion, as demonstrated using the ProtoVer LDAP test suite. | ||||
| CVE-2006-2561 | 1 Edimax | 1 Br 6104k | 2026-04-16 | N/A |
| Edimax BR-6104K router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter (possibly within NewInternalClient), which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic. | ||||
| CVE-2006-2590 | 1 E107 | 1 E107 | 2026-04-16 | N/A |
| SQL injection vulnerability in e107 before 0.7.5 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | ||||
| CVE-2006-0457 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| Race condition in the (1) add_key, (2) request_key, and (3) keyctl functions in Linux kernel 2.6.x allows local users to cause a denial of service (crash) or read sensitive kernel memory by modifying the length of a string argument between the time that the kernel calculates the length and when it copies the data into kernel memory. | ||||