ReportizFlow
Filtered by vendor
Subscriptions
Total
29925 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-2550 | 1 Xperience | 1 Sandsurfer | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in unspecified Perl scripts in SandSurfer before 1.7.1 allow remote attackers to inject arbitrary web script or HTML, which is later executed by a target who views reports containing the injected data. | ||||
| CVE-2006-2471 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 leak sensitive information to remote attackers, including (1) DNS and IP addresses to address to T3 clients, (2) internal sensitive information using GetIORServlet, (3) certain "server details" in exceptions when invalid XML is provided, and (4) a stack trace in a SOAP fault. | ||||
| CVE-2004-2556 | 1 Netgear | 1 Wg602 | 2026-04-16 | N/A |
| NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and 1.5.67 has a hardcoded account of username "super" and password "5777364", which allows remote attackers to modify the configuration. | ||||
| CVE-2004-2578 | 1 Phpgroupware | 1 Phpgroupware | 2026-04-16 | N/A |
| phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) setup passwords in plaintext via cookies, which allows remote attackers to sniff passwords. | ||||
| CVE-2004-2593 | 1 Id Software | 1 Quake Ii Server | 2026-04-16 | N/A |
| Buffer overflow in command-packet processing of Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a packet with a long cmd_args buffer. | ||||
| CVE-2004-2604 | 1 Phproxy | 1 Phproxy | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in PHProxy allows remote attackers to inject arbitrary web script or HTML via the error parameter. | ||||
| CVE-2004-2666 | 1 Mantis | 1 Mantis | 2026-04-16 | N/A |
| Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug's web page. | ||||
| CVE-2004-2670 | 1 Endonesia | 1 Endonesia | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in mod.php in eNdonesia 8.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewcat operation or (2) the query parameter in a search operation in the publisher module. | ||||
| CVE-2006-2507 | 1 Teake Nutma | 1 Foing | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Teake Nutma Foing 0.2.0 through 0.7.0, as used with phpBB, allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) index.php, (2) song.php, (3) faq.php, (4) list.php, (5) gen_m3u.php, and (6) playlist.php. | ||||
| CVE-2006-2568 | 1 Ubbcentral | 1 Ubb.threads | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in addpost_newpoll.php in UBB.threads 6.4 through 6.5.2 and 6.5.1.1 (trial) allows remote attackers to execute arbitrary PHP code via a URL in the thispath parameter. | ||||
| CVE-2006-2570 | 1 Calogic | 1 Calogic Calendars | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS["CLPath"] parameter to (1) reconfig.php and (2) srxclr.php. NOTE: this might be due to a globals overwrite issue. | ||||
| CVE-2006-2585 | 1 Greg Donald | 1 Destiney Links Script | 2026-04-16 | N/A |
| SQL injection vulnerability in Destiney Links Script 2.1.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2001-1564 | 1 Hp | 1 Hp-ux | 2026-04-16 | N/A |
| setrlimit in HP-UX 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and 11.11 does not properly enforce core file size on processes after setuid or setgid privileges are dropped, which could allow local users to cause a denial of service by exhausting available disk space. | ||||
| CVE-2001-1571 | 1 Microsoft | 1 Windows Xp | 2026-04-16 | N/A |
| The Remote Desktop client in Windows XP sends the most recent user account name in cleartext, which could allow remote attackers to obtain terminal server user account names via sniffing. | ||||
| CVE-2001-1572 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| The MAC module in Netfilter in Linux kernel 2.4.1 through 2.4.11, when configured to filter based on MAC addresses, allows remote attackers to bypass packet filters via small packets. | ||||
| CVE-2001-1581 | 1 Clearswift Limited | 1 Mailsweeper | 2026-04-16 | N/A |
| The File Blocker feature in Clearswift MAILsweeper for SMTP 4.2 allows remote attackers to bypass e-mail attachment filtering policies via a modified name in a Content-Type header. | ||||
| CVE-2002-0004 | 8 Caldera, Debian, Freebsd and 5 more | 9 Openlinux Server, Openlinux Workstation, Debian Linux and 6 more | 2026-04-16 | N/A |
| Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice. | ||||
| CVE-2005-2541 | 1 Gnu | 1 Tar | 2026-04-16 | 7.0 High |
| Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges. | ||||
| CVE-2006-1127 | 1 Gallery Project | 1 Gallery | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album. | ||||
| CVE-2005-1307 | 2 Adobe, Apple | 2 Version Cue, Mac Os X | 2026-04-16 | N/A |
| The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version Cue on Mac OS X uses the current working directory to find and execute the productname.sh script, which allows local users to execute arbitrary code by copying and calling the scripts from a user-controlled directory. | ||||