ReportizFlow
Filtered by vendor
Subscriptions
Total
29918 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-4417 | 3 Anycom, Belkin, Widcomm | 3 Blue Usb-130-250 Software, Bluetooth Software, Bluetooth For Windows | 2026-04-16 | N/A |
| The default configuration of Widcomm Bluetooth for Windows (BTW) 4.0.1.1500 and earlier, as installed on Belkin Bluetooth Software 1.4.2 Build 10 and ANYCOM Blue USB-130-250 Software 4.0.1.1500, and possibly other devices, sets null Authentication and Authorization values, which allows remote attackers to send arbitrary audio and possibly eavesdrop using the microphone via the Hands Free Audio Gateway and Headset profile. | ||||
| CVE-2005-4437 | 1 Extended Interior Gateway Routing Protocol | 1 Extended Interior Gateway Routing Protocol | 2026-04-16 | N/A |
| MD5 Neighbor Authentication in Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS 11.3 and later, does not include the Message Authentication Code (MAC) in the checksum, which allows remote attackers to sniff message hashes and (1) replay EIGRP HELLO messages or (2) cause a denial of service by sending a large number of spoofed EIGRP neighbor announcements, which results in an ARP storm on the local network. | ||||
| CVE-2006-1734 | 2 Mozilla, Redhat | 5 Firefox, Mozilla Suite, Seamonkey and 2 more | 2026-04-16 | N/A |
| Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using the Object.watch method to access the "clone parent" internal function. | ||||
| CVE-2005-4447 | 1 Coinsoft Technologies | 1 Phpcoin | 2026-04-16 | N/A |
| SQL injection vulnerability in articles\articles_funcs.php in phpCOIN 1.2.2 allows remote attackers to modify SQL syntax and possibly execute SQL in limited circumstances via the rec_next parameter. NOTE: the original disclosure suggests that command injection is not feasible because the injection occurs after an "ORDER BY" clause, but it is likely that this bug could result in an error message path disclosure due to a syntax error, in some environments. Therefore this is an exposure and should be included in CVE. | ||||
| CVE-2002-0124 | 1 Mdg Computer Services | 1 Web Server 4d Ecommerce | 2026-04-16 | N/A |
| MDG Computer Services Web Server 4D/eCommerce 3.5.3 allows remote attackers to exploit directory traversal vulnerability via a ../ (dot dot) containing URL-encoded slashes in the HTTP request. | ||||
| CVE-2005-4460 | 1 Beehive Forum | 1 Beehive Forum | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Beehive Forum 0.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Description, and (3) Comment fields to (a) links.php and (b) links_add.php. | ||||
| CVE-2006-0891 | 1 Nocc | 1 Nocc | 2026-04-16 | N/A |
| Multiple directory traversal vulnerabilities in NOCC Webmail 1.0 allow remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing NULL (%00) byte in (1) the _SESSION['nocc_theme'] parameter in (a) html/footer.php; and (2) the lang and (3) theme parameters and the (4) Accept-Language HTTP header field, when force_default_lang is disabled, in (b) index.php, as demonstrated by injecting PHP code into a profile and accessing it using the lang parameter in index.php. | ||||
| CVE-2005-4492 | 1 Starphire Technologies | 5 Sitesage, Sitesage-ee, Sitesage-le and 2 more | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Starphire SiteSage 5.0.18 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the norelay_highlight_words parameter. | ||||
| CVE-1999-0389 | 1 Debian | 1 Debian Linux | 2026-04-16 | N/A |
| Buffer overflow in the bootp server in the Debian Linux netstd package. | ||||
| CVE-2006-1783 | 1 Patronet | 1 Cms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in PatroNet CMS allows remote attackers to inject arbitrary web script or HTML via the URI. | ||||
| CVE-2006-1799 | 1 Adcentrix | 1 Censtore | 2026-04-16 | N/A |
| censtore.cgi in Censtore 7.3.002 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter. | ||||
| CVE-2006-1812 | 1 Phpwebftp | 1 Phpwebftp | 2026-04-16 | N/A |
| phpWebFTP 3.2 and earlier stores script.js under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. | ||||
| CVE-1999-0025 | 1 Sgi | 1 Irix | 2026-04-16 | N/A |
| root privileges via buffer overflow in df command on SGI IRIX systems. | ||||
| CVE-2006-1848 | 1 Linpha | 1 Linpha | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in stats_view.php in LinPHA 1.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, and (3) date parameter. | ||||
| CVE-2006-1862 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| The virtual memory implementation in Linux kernel 2.6.x allows local users to cause a denial of service (panic) by running lsof a large number of times in a way that produces a heavy system load. | ||||
| CVE-2003-0451 | 1 Xblockout | 1 Xbl | 2026-04-16 | N/A |
| Multiple buffer overflows in xbl before 1.0k allow local users to gain privileges via certain long command line arguments. | ||||
| CVE-1999-0530 | 2026-04-16 | N/A | ||
| A system is operating in "promiscuous" mode which allows it to perform packet sniffing. | ||||
| CVE-2005-1327 | 1 Woltlab | 1 Burning Board | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in pms.php for Woltlab Burning Board 2.3.1 PL2 and earlier allows remote attackers to inject arbitrary web script or HTML via the folderid parameter. | ||||
| CVE-2005-4637 | 1 Kayako | 1 Supportsuite | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kayako SupportSuite 3.00.26 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) nav parameter in the downloads module, (2) Full Name and (3) Email fields in the core module, (4) Full Name, (5) Email, and (6) Subject fields in the tickets module, or (7) Registered Email field in the lostpassword feature in the core module. | ||||
| CVE-2006-0149 | 1 Simpbook | 1 Simpbook | 2026-04-16 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in SimpBook 1.0, with html_enable on (the default), allows remote attackers to inject arbitrary web script or HTML via the message field. | ||||