Total
29755 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1223 | 1 Jupiter Cms | 1 Jupiter Cms | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Jupiter Content Manager 1.1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in the image BBcode tag. | ||||
| CVE-2006-4287 | 2 Nes Game, Nes System | 2 Nes Game, Nes System | 2025-04-03 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in NES Game and NES System c108122 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) phphtmllib parameter to (a) phphtmllib/includes.php; tag_utils/ scripts including (b) divtag_utils.php, (c) form_utils.php, (d) html_utils.php, and (e) localinc.php; and widgets/ scripts including (f) FooterNav.php, (g) HTMLPageClass.php, (h) InfoTable.php, (i) localinc.php, (j) NavTable.php, and (k) TextNav.php. | ||||
| CVE-2004-2254 | 1 Netwin | 1 Surgeldap | 2025-04-03 | N/A |
| SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter. | ||||
| CVE-2006-3236 | 1 Thinkfactory | 1 Thinkwms | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in thinkWMS 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) index.php or (b) printarticle.php, and the (2) catid parameter in index.php. | ||||
| CVE-2004-2255 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-03 | N/A |
| Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename. | ||||
| CVE-2004-1596 | 1 3com | 1 3cradsl72 | 2025-04-03 | N/A |
| The 3COM Wireless router 3CRADSL72 running Boot Code 1.3d allows remote attackers to gain sensitive information such as passwords and router settings via a direct HTTP request to app_sta.stm. | ||||
| CVE-2004-1792 | 1 Yatsoft | 1 Switch Off | 2025-04-03 | N/A |
| swnet.dll in YaSoft Switch Off 2.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a long packet with two CRLF sequences to the service management port (TCP 8000). | ||||
| CVE-2004-2078 | 1 Red-m | 1 Red-alert | 2025-04-03 | N/A |
| Red-M Red-Alert 2.7.5 with software 3.1 build 24 allows remote attackers to cause a denial of service (reboot and loss of logged events) via a long request to TCP port 80, possibly triggering a buffer overflow. | ||||
| CVE-2004-2344 | 1 Vocaltec | 2 Vgw120 Telephony Gateway, Vgw480 Telephony Gateway | 2025-04-03 | N/A |
| Unknown vulnerability in the ASN.1/H.323/H.225 stack of VocalTec VGW120 and VGW480 allows remote attackers to cause a denial of service. | ||||
| CVE-2004-2263 | 1 Playsms | 1 Playsms | 2025-04-03 | N/A |
| SQL injection vulnerability in the valid function in fr_left.php in PlaySMS 0.7 and earlier allows remote attackers to modify SQL statements via the vc2 cookie. | ||||
| CVE-2006-2204 | 1 Invision Power Services | 1 Invision Power Board | 2025-04-03 | N/A |
| SQL injection vulnerability in the topic deletion functionality (post_delete function in func_mod.php) for Invision Power Board 2.1.5 allows remote authenticated moderators to execute arbitrary SQL commands via the selectedpids parameter, which bypasses an integer value check when the $id variable is an array. | ||||
| CVE-2006-3226 | 1 Cisco | 1 Secure Access Control Server | 2025-04-03 | N/A |
| Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka "ACS Weak Session Management Vulnerability." | ||||
| CVE-2006-3977 | 1 Broadcom | 1 Etrust Antivirus Webscan | 2025-04-03 | N/A |
| Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 has unknown impact and remote attackers related to "improper processing of outdated WebScan components." | ||||
| CVE-2004-2283 | 1 Daniel Barron | 1 Dansguardian | 2025-04-03 | N/A |
| Unknown vulnerability in DansGuardian before 2.6.1-13 allows remote attackers to bypass URL filters via a crafted request that causes a page to be added to the clean page cache. | ||||
| CVE-2004-2288 | 1 Jelsoft | 1 Vbulletin | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Jelsoft vBulletin allows remote attackers to spoof parts of a website via the loc parameter. | ||||
| CVE-2004-2407 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-03 | N/A |
| Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown attack vectors and impact, related to a "security hole" in the Setup/Config functionality. | ||||
| CVE-2006-0370 | 1 Noah Medling | 1 Rcblog | 2025-04-03 | N/A |
| Noah Medling RCBlog 1.03 stores the data and config directories under the web root with insufficient access control, which allows remote attackers to view account names and MD5 password hashes. | ||||
| CVE-2004-2415 | 1 Davenport | 1 Davenport | 2025-04-03 | N/A |
| Davenport before 0.9.10 allows attackers to cause a denial of service (resource consumption) via (1) a very large XML file or (2) entity expansion attacks. | ||||
| CVE-2006-3364 | 1 F-art Agency | 1 Blog Cms | 2025-04-03 | N/A |
| SQL injection vulnerability in index.php in the NP_SEO plugin in BLOG:CMS before 4.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-3258 | 1 Bnbt | 2 Easytracker, Trinedit | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.html in BNBT TrinEdit and EasyTracker 7.7r3.2004.10.27 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) filter or (2) sort parameters. | ||||