ReportizFlow
Filtered by vendor
Subscriptions
Total
29930 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1508 | 1 Mh Software | 1 Connect Daily | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MH Software Connect Daily Web Calendar Software 3.2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) calendar_id, (2) style_sheet, and (3) start parameters in (a) ViewDay.html; the (4) txtSearch and (5) opgSearch parameters in (b) ViewSearch.html; the (6) calendar_id and (7) approved parameters in (c) ViewYear.html; the (8) item_type_id parameter in (d) ViewCal.html; and the (9) week parameter in (e) ViewWeek.html. | ||||
| CVE-2000-0429 | 1 Mcmurtrey Whitaker And Associates | 1 Cart32 | 2026-04-16 | N/A |
| A backdoor password in Cart32 3.0 and earlier allows remote attackers to execute arbitrary commands. | ||||
| CVE-2006-1509 | 1 Hp | 1 Hp-ux | 2026-04-16 | N/A |
| /sbin/passwd in HP-UX B.11.00, B.11.11, and B.11.23 before 20060326 "does not recover gracefully from some error conditions," which allows local users to cause a denial of service. | ||||
| CVE-2002-1098 | 1 Cisco | 2 Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client | 2026-04-16 | N/A |
| Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an "HTTPS on Public Inbound (XML-Auto)(forward/in)" rule but sets the protocol to "ANY" when the XML filter configuration is enabled, which ultimately allows arbitrary traffic to pass through the concentrator. | ||||
| CVE-2004-1449 | 2 Firebirdsql, Mozilla | 3 Firebird, Mozilla, Thunderbird | 2026-04-16 | N/A |
| Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control. | ||||
| CVE-2006-1567 | 1 Sitesearch | 1 Indexer | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in searchresults.asp in SiteSearch Indexer 3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchField parameter. | ||||
| CVE-2003-1231 | 1 Ecw-shop | 1 Ecw-shop | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 5.5 allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | ||||
| CVE-2002-1154 | 2 Redhat, Stephen Turner | 2 Powertools, Analog | 2026-04-16 | N/A |
| anlgform.pl in Analog before 5.23 does not restrict access to the PROGRESSFREQ progress update command, which allows remote attackers to cause a denial of service (disk consumption) by using the command to report updates more frequently and fill the web server error log. | ||||
| CVE-2003-1235 | 1 Brs | 1 Webweaver | 2026-04-16 | N/A |
| BRW WebWeaver 1.03 allows remote attackers to obtain sensitive server environment information via a URL request for testcgi.exe, which lists the values of environment variables and the current working directory. | ||||
| CVE-2002-1182 | 1 Microsoft | 1 Internet Information Services | 2026-04-16 | N/A |
| IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned. | ||||
| CVE-2006-1606 | 1 Exponent | 1 Exponent Cms | 2026-04-16 | N/A |
| Unspecified vulnerability in the image module in Exponent CMS before 0.96.5 RC 1 allows "directory disclosure" with unknown attack vectors. | ||||
| CVE-2002-1231 | 1 Caldera | 2 Openunix, Unixware | 2026-04-16 | N/A |
| SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to cause a denial of service via an rcp call on /proc. | ||||
| CVE-2003-1249 | 1 Businessobjects | 1 Webintelligence | 2026-04-16 | N/A |
| WebIntelligence 2.7.1 uses guessable user session cookies, which allows remote attackers to hijack sessions. | ||||
| CVE-2002-1245 | 1 Frank Mcingvale | 1 Luxman | 2026-04-16 | N/A |
| Maped in LuxMan 0.41 uses the user-provided search path to find and execute the gzip program, which allows local users to modify /dev/mem and gain privileges via a modified PATH environment variable that points to a Trojan horse gzip program. | ||||
| CVE-2002-1269 | 1 Apple | 1 Mac Os X | 2026-04-16 | N/A |
| Unknown vulnerability in NetInfo Manager application in Mac OS X 10.2.2 allows local users to access restricted parts of a filesystem. | ||||
| CVE-2000-0431 | 1 Sun | 2 Cobalt Raq 2, Cobalt Raq 3i | 2026-04-16 | N/A |
| Cobalt RaQ2 and RaQ3 does not properly set the access permissions and ownership for files that are uploaded via FrontPage, which allows attackers to bypass cgiwrap and modify files. | ||||
| CVE-2002-1277 | 2 Redhat, Windowmaker | 3 Enterprise Linux, Linux, Windowmaker | 2026-04-16 | N/A |
| Buffer overflow in Window Maker (wmaker) 0.80.0 and earlier may allow remote attackers to execute arbitrary code via a certain image file that is not properly handled when Window Maker uses width and height information to allocate a buffer. | ||||
| CVE-2002-1307 | 1 Mhonarc | 1 Mhonarc | 2026-04-16 | N/A |
| Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier allows remote attackers to insert script or HTML via an email message with the script in a MIME header name. | ||||
| CVE-2003-1263 | 1 Brown Bear Software | 1 Ical | 2026-04-16 | N/A |
| ICAL.EXE in iCal 3.7 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request, possibly due to an invalid method name. | ||||
| CVE-2006-0709 | 2 Metamail Corporation, Redhat | 2 Metamail, Enterprise Linux | 2026-04-16 | N/A |
| Buffer overflow in Metamail 2.7-50 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via e-mail messages with a long boundary attribute, a different vulnerability than CVE-2004-0105. | ||||