Total
29753 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2014 | 1 Web-provence | 1 Sl Site | 2025-04-03 | N/A |
| Directory traversal vulnerability in gallerie.php in SL_site 1.0 allows remote attackers to list images in arbitrary directories via ".." sequences in the rep parameter, which is used to construct a directory name in admin/config.inc.php. NOTE: this issue could be used to produce resultant XSS from an error message. | ||||
| CVE-2004-2441 | 1 Kerio | 1 Kerio Mailserver | 2025-04-03 | N/A |
| Unspecified vulnerability in Kerio MailServer before 6.0.3 has unknown impact and unknown remote attack vectors, related to a "potential security issue." | ||||
| CVE-2004-2451 | 1 Gamespy | 3 Roger Wilco Dedicated Server, Roger Wilco Graphical Server, Rw Base Station | 2025-04-03 | N/A |
| Roger Wilco 1.4.1.6 and earlier, or Roger Wilco Base Station 0.30a or earlier, allows remote attackers to send audio to arbitrary channels, aka the "Voices from the deep" bug. | ||||
| CVE-2004-2472 | 1 Agnitum | 1 Outpost Firewall | 2025-04-03 | N/A |
| Agnitum Outpost Pro Firewall 2.1 allows remote attackers to cause a denial of service (CPU consumption) via a flood of small, invalid packets, which can not be processed quickly enough by Outpost Pro. | ||||
| CVE-2006-2017 | 1 Dnsmasq | 1 Dnsmasq | 2025-04-03 | N/A |
| Dnsmasq 2.29 allows remote attackers to cause a denial of service (application crash) via a DHCP client broadcast reply request. | ||||
| CVE-2004-2484 | 1 Php Gift Registry | 1 Phpgiftreg | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in PHP Gift Registry 1.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter to (1) event.php or (2) index.php. | ||||
| CVE-2006-2018 | 1 Jelsoft | 1 Vbulletin | 2025-04-03 | N/A |
| SQL injection vulnerability in calendar.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL commands via the eventid parameter. NOTE: the affected version has been disputed by the vendor. It appears that this is the same issue as CVE-2004-0036, which was fixed in 2.3.4. | ||||
| CVE-2004-2485 | 1 Php Live | 1 Php Live | 2025-04-03 | N/A |
| Unspecified vulnerability in PHP Live! before 2.8.2, due to a "major security problem," allows remote attackers to include arbitrary files and directories via unspecified attack vectors. | ||||
| CVE-2006-2021 | 1 Asteriskathome | 1 Asteriskathome | 2025-04-03 | N/A |
| Absolute path traversal vulnerability in recordings/misc/audio.php in the Asterisk Recording Interface (ARI) web interface in Asterisk@Home before 2.8 allows remote attackers to read arbitrary MP3, WAV, and GSM files via a full pathname in the recording parameter. NOTE: this issue can also be used to determine existence of files. | ||||
| CVE-2004-2488 | 1 Nexgen | 1 Nexgen Ftp Server | 2025-04-03 | N/A |
| Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 allows remote authenticated users to read or list arbitrary files via "C:" sequences in the (1) RETR (get), (2) NLST (ls), (3) LIST (ls), (4) RNFR, or (5) RNTO FTP commands. | ||||
| CVE-2004-2492 | 1 Hitachi | 1 Groupmax World Wide Web Desktop | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web (GmaxWWW) Desktop 5, 6, and Desktop for Jichitai 6, allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter. | ||||
| CVE-2004-2494 | 1 Code-crafters | 1 Ability Mail Server | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in _error in Ability Mail Server 1.18 allows remote attackers to inject arbitrary web script or HTML via the erromsg parameter. | ||||
| CVE-2004-2512 | 1 Codeworx Technologies | 1 Dcp-portal | 2025-04-03 | N/A |
| CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the PHPSESSID parameter. | ||||
| CVE-2006-2036 | 1 Iopus | 1 Secure Email Attachments | 2025-04-03 | N/A |
| iOpus Secure Email Attachments (SEA), probably 1.0, does not properly handle passwords that consist of repetitions of a substring, which allows attackers to decrypt files by entering only the substring. | ||||
| CVE-2004-2527 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2025-04-03 | N/A |
| The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running. | ||||
| CVE-2004-2543 | 1 Securecomputing | 1 Sidewinder G2 | 2025-04-03 | N/A |
| Secure Computing Corporation Sidewinder G2 6.1.0.01 might allow remote attackers to cause a denial of service (proxy failure) via invalid traffic to the (1) T.120 or (2) RTSP proxy, or (3) invalid MIME messages to the mail filter. NOTE: this might not be a vulnerability because the embedded monitoring sub-system automatically restarts after the failure. | ||||
| CVE-2006-2037 | 1 Thwboard | 1 Thwboard | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Thwboard 3.0 Beta 2.84 allows remote attackers to inject arbitrary web script or HTML via the navpath parameter. | ||||
| CVE-2004-2550 | 1 Xperience | 1 Sandsurfer | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in unspecified Perl scripts in SandSurfer before 1.7.1 allow remote attackers to inject arbitrary web script or HTML, which is later executed by a target who views reports containing the injected data. | ||||
| CVE-2004-2562 | 1 Leigh Business Enterprises | 1 Web Helpdesk | 2025-04-03 | N/A |
| SQL injection vulnerability in jobedit.asp in Leigh Business Enterprises (LBE) Web Helpdesk before 4.0.0.81 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-2038 | 1 Amplecom | 1 Ampleshop | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in ampleShop 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) RecordID parameter in (a) Customeraddresses_RecordAction.cfm and (b) youraccount.cfm; (2) solus parameter in (c) detail.cfm; and (3) cat parameter in (d) category.cfm. | ||||