ReportizFlow
Filtered by vendor
Subscriptions
Total
29914 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1542 | 2 Python, Redhat | 2 Python, Network Satellite | 2026-04-16 | N/A |
| Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a "stack overflow," and possibly gain privileges, by running a script from a current working directory that has a long name, related to the realpath function. NOTE: this might not be a vulnerability. However, the fact that it appears in a programming language interpreter could mean that some applications are affected, although attack scenarios might be limited because the attacker might already need to cross privilege boundaries to cause an exploitable program to be placed in a directory with a long name; or, depending on the method that Python uses to determine the current working directory, setuid applications might be affected. | ||||
| CVE-2005-4661 | 1 Campware.org | 1 Campsite | 2026-04-16 | N/A |
| The notifyendsubs cron job in Campsite before 2.3.3 sends an e-mail message containing a certain unencrypted MySQL password, which allows remote attackers to sniff the password. | ||||
| CVE-2005-4675 | 1 Complete Php Counter | 1 Complete Php Counter | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in list.php in Complete PHP Counter allows remote attackers to inject arbitrary web script or HTML via the c parameter. | ||||
| CVE-2005-4700 | 1 Tellme | 1 Tellme | 2026-04-16 | N/A |
| TellMe 1.2 and earlier, when the Server (o_Server) and HEAD (o_Head) options are enabled, allows remote attackers to obtain sensitive information via an invalid q_Host parameter, which reveals the full pathname of the application in an fsockopen error message. | ||||
| CVE-2006-1608 | 1 Php | 1 Php | 2026-04-16 | N/A |
| The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI. | ||||
| CVE-2006-1609 | 1 Hitachi | 4 Xfit S, Xfit S Jca, Xfit S Zengin and 1 more | 2026-04-16 | N/A |
| Unspecified vulnerability in Hitachi XFIT/S, XFIT/S/JCA, XFIT/S/ZGN, and XFIT/S ZENGIN TCP/IP Procedure allows remote attackers to cause a denial of service (server process and transfer control process stop) when the products "receive data unexpectedly". | ||||
| CVE-2006-1611 | 1 Kgb | 1 Archiver | 2026-04-16 | N/A |
| Directory traversal vulnerability in KGB Archiver before 1.1.5.22 allows remote attackers to overwrite arbitrary files wile decompressing an archive, possibly due to directory traversal sequences in a filename. | ||||
| CVE-2006-1620 | 1 Hosting Controller | 1 Hosting Controller | 2026-04-16 | N/A |
| admin/accounts/AccountActions.asp in Hosting Controller 2002 RC 1 allows remote attackers to modify passwords of other users, probably via an "Update User" ActionType with a modified UserName parameter and the PassCheck parameter set to TRUE. It was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and earlier. | ||||
| CVE-2006-1627 | 1 Adobe | 1 Acrobat Reader | 2026-04-16 | N/A |
| Adobe Document Server for Reader Extensions 6.0 does not provide proper access control, which allows remote authenticated users to perform privileged actions by modifying the (1) actionID and (2) pageID parameters. NOTE: due to an error during reservation, this identifier was inadvertently associated with multiple issues. Other CVE identifiers have been assigned to handle other problems that are covered by the same disclosure. | ||||
| CVE-2006-1639 | 1 Wire Plastik Design | 1 Wpblog | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in wpBlog 0.4 allows remote attackers to execute arbitrary SQL commands via the postid parameter. | ||||
| CVE-2006-1649 | 1 Eset Software | 1 Nod32 Antivirus | 2026-04-16 | N/A |
| The "restore to" selection in the "quarantine a file" capability of ESET NOD32 before 2.51.26 allows a restore to any directory that permits read access by the invoking user, which allows local users to create new files despite write-access directory permissions. | ||||
| CVE-2006-1653 | 1 Angelinecms | 1 Angelinecms | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in loadkernel.php in AngelineCMS 0.8.1 allows remote attackers to execute arbitrary PHP code via a URL in the installPath parameter. | ||||
| CVE-2006-1673 | 1 Jelsoft | 1 Vbug Tracker | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in vbugs.php in Dark_Wizard vBug Tracker 3.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the sortorder parameter. | ||||
| CVE-2006-1675 | 1 Phpwebgallery | 1 Phpwebgallery | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHPWebGallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) num, and (3) search parameters to (a) category.php, and the (4) slideshow, (5) show_metadata, and (6) start parameters to (b) picture.php, a different vulnerability than CVE-2006-1674. | ||||
| CVE-2005-4724 | 1 Phptagcool | 1 Phptagcool | 2026-04-16 | N/A |
| SQL injection vulnerability in post.php in PhpTagCool 1.0.3 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field in an HTTP header. | ||||
| CVE-2006-1695 | 1 Fbida | 1 Fbida | 2026-04-16 | N/A |
| The fbgs script in the fbi package 2.01-1.4, when the TMPDIR environment variable is not defined, allows local users to overwrite arbitrary files via a symlink attack on temporary files in /var/tmp/fbps-[PID]. | ||||
| CVE-2005-4746 | 1 Freeradius | 1 Freeradius | 2026-04-16 | N/A |
| Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote attackers to cause denial of service (crash) via (1) the rlm_sqlcounter module or (2) unknown vectors "while expanding %t". | ||||
| CVE-2006-1709 | 1 Interaktiv | 1 Interaktiv.shop | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in shop_main.cgi in interaktiv.shop 5 allows remote attackers to inject arbitrary web script or HTML via the (1) pn and (2) sbeg parameters. | ||||
| CVE-2005-4785 | 1 Jl Webworks | 1 Quickblogger | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in QuickBlogger 1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) author ("your name") and (2) "comment" section. | ||||
| CVE-2005-4810 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Microsoft Internet Explorer 7.0 Beta3 and earlier allows remote attackers to cause a denial of service (crash) via a "text/html" HTML Content-type header sent in response to an XMLHttpRequest (AJAX). | ||||