ReportizFlow
Filtered by vendor
Subscriptions
Total
29911 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2000-1149 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | N/A |
| Buffer overflow in RegAPI.DLL used by Windows NT 4.0 Terminal Server allows remote attackers to execute arbitrary commands via a long username, aka the "Terminal Server Login Buffer Overflow" vulnerability. | ||||
| CVE-2006-1451 | 1 Apple | 1 Mac Os X | 2026-04-16 | N/A |
| MySQL Manager in Apple Mac OS X 10.3.9 and 10.4.6, when setting up a new MySQL database server, does not use the "New MySQL root password" that is provided, which causes the MySQL root password to be blank and allows local users to gain full privileges to that database. | ||||
| CVE-2006-1455 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-16 | N/A |
| QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to cause a denial of service (crash and connection interruption) via a QuickTime movie with a missing track, which triggers a null dereference. | ||||
| CVE-2006-1456 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-16 | N/A |
| Buffer overflow in QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to execute arbitrary code via a crafted RTSP request, which is not properly handled during message logging. | ||||
| CVE-2006-1478 | 1 Turnkey Web Tools | 1 Php Live Helper | 2026-04-16 | N/A |
| Directory traversal vulnerability in (1) initiate.php and (2) possibly other PHP scripts in Turnkey Web Tools PHP Live Helper 1.8, and possibly later versions, allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the language cookie, as demonstrated by uploading PHP code in a gl_session cookie to users.php, which causes the code to be stored in error.log, which is then included by initiate.php. | ||||
| CVE-2006-1483 | 1 Desiderata Software | 1 Blazix Web Server | 2026-04-16 | N/A |
| Blazix Web Server before 1.2.6, when running on Windows, allows remote attackers to obtain the source code of JSP files via (1) . (dot), (2) space, and (3) slash characters in the extension of a URL. | ||||
| CVE-2006-1488 | 1 Activecampaign | 1 Supporttrio | 2026-04-16 | N/A |
| ActiveCampaign SupportTrio 2.5 allows remote attackers to obtain the full path of the server via invalid (1) article or (2) print parameters in a kb action to index.php, or (3) an invalid category parameter to modules/KB/pdf.php, which leaks the path in an error message. | ||||
| CVE-2006-1490 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2026-04-16 | N/A |
| PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue has been referred to as a "memory leak," but it is an information leak that discloses memory contents. | ||||
| CVE-2006-1493 | 1 Nikolay Avrionov | 1 Explorer Xp | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in dir.php in Explorer XP allows remote attackers to inject arbitrary web script or HTML via the chemin parameter. NOTE: it is possible that this issue is resultant from CVE-2006-1492. | ||||
| CVE-2006-1506 | 1 Sun | 2 Grid Engine, N1 Grid Engine | 2026-04-16 | N/A |
| Unspecified vulnerability in rsh in Sun Microsystems Sun Grid Engine 5.3 before 20060327 and N1 Grid Engine 6.0 before 20060327 allows local users to gain root privileges. | ||||
| CVE-2006-1544 | 1 Vscripts | 1 Vnews | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in news.php in vscripts (aka Kuba Kunkiewicz) VNews 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) autorkomentarza and (2) tresckomentarza parameters. | ||||
| CVE-2006-1579 | 1 Dbbs | 1 Dbbs | 2026-04-16 | N/A |
| SQL injection vulnerability in topics.php in Dynamic Bulletin Board System (DbbS) 2.0-alpha and earlier allows remote attackers to execute arbitrary SQL commands via the limite parameter. | ||||
| CVE-2006-1590 | 2 Kevin Johnson, Roman Danyliw | 2 Basic Analysis And Security Engine, Analysis Console For Intrusion Databases \(acid\) | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the PrintFreshPage function in (1) Basic Analysis and Security Engine (BASE) 1.2.4 and (2) Analysis Console for Intrusion Databases (ACID) 0.9.6b23 allows remote attackers to inject arbitrary web script or HTML via the (a) back parameter to base_graph_main.php, (b) netmask parameter to base_stat_ipaddr.php, or (c) submit parameter to base_qry_alert.php within BASE, or (d) query string to acid_main.php in ACID, which causes the request URI ($_SERVER['REQUEST_URI']) to be inserted into a refresh operation. | ||||
| CVE-2006-1629 | 1 Openvpn | 2 Openvpn, Openvpn Access Server | 2026-04-16 | N/A |
| OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable. | ||||
| CVE-2006-1628 | 1 Adobe | 1 Livecycle Form Manager | 2026-04-16 | N/A |
| Adobe LiveCycle Workflow 7.01 and LiveCycle Forum Manager 7.01 allows users to authenticate and perform privileged actions when their account is marked "OBSOLETE" but the account is also active, within the authentication system. | ||||
| CVE-2006-1683 | 1 Chipmunk Scripts | 1 Chipmunk Guestbook | 2026-04-16 | N/A |
| SQL injection vulnerability in admin/login.php in Chipmunk Guestbook allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the User name. | ||||
| CVE-2001-0836 | 1 Oracle | 1 Application Server Web Cache | 2026-04-16 | N/A |
| Buffer overflow in Oracle9iAS Web Cache 2.0.0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request. | ||||
| CVE-2001-0839 | 1 Ibill Internet Billing Company | 1 Processing Plus | 2026-04-16 | N/A |
| ibillpm.pl in iBill password management system generates weak passwords based on a client's MASTER_ACCOUNT, which allows remote attackers to modify account information in the .htpasswd file via brute force password guessing. | ||||
| CVE-2001-0844 | 1 Seth Leonard | 2 Book Of Guests, Post It | 2026-04-16 | N/A |
| Vulnerability in (1) Book of guests and (2) Post it! allows remote attackers to execute arbitrary code via shell metacharacters in the email parameter. | ||||
| CVE-2001-0857 | 1 Imp | 1 Webmail | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter. | ||||