Total
29855 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-0438 | 1 Ramp Networks | 2 Webramp 200i, Webramp M3 | 2026-04-16 | 5.0 MEDIUM | N/A |
| Remote attackers can perform a denial of service in WebRamp systems by sending a malicious UDP packet to port 5353, changing its IP address. | |||||
| CVE-2006-3950 | 1 X-scripts | 1 X-statistics | 2026-04-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in x-statistics.php in X-Scripts X-Statistics 1.20 allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header. | |||||
| CVE-2003-0588 | 1 Digi-fx | 1 Digi-news | 2026-04-16 | 10.0 HIGH | N/A |
| admin.php in Digi-news 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password. | |||||
| CVE-2002-1204 | 1 Netscape | 1 Communicator | 2026-04-16 | 5.0 MEDIUM | N/A |
| Netscape Communicator 4.x allows attackers to use a link to steal a user's preferences, including potentially sensitive information such as URL history, e-mail address, and possibly the e-mail password, by redefining the user_pref() function and accessing the prefs.js file, which is stored in a directory with a predictable name. | |||||
| CVE-2006-0997 | 1 Novell | 2 Netware, Open Enterprise Server | 2026-04-16 | 5.0 MEDIUM | N/A |
| The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) permits encryption with a NULL key, which results in cleartext communication that allows remote attackers to read an SSL protected session by sniffing network traffic. | |||||
| CVE-2004-0719 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-04-16 | 7.5 HIGH | N/A |
| Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. | |||||
| CVE-2005-0259 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | 6.4 MEDIUM | N/A |
| phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file. | |||||
| CVE-2006-4210 | 1 Andreas Kansok | 1 Phpay | 2026-04-16 | 2.6 LOW | N/A |
| nu_mail.inc.php in Andreas Kansok phPay 2.02 and 2.02.1, when register_globals is enabled, allows remote attackers to use the server as an open mail relay via modified mail_text2, user_row[5], nu_mail_1, and shop_mail parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2000-0378 | 1 Redhat | 1 Linux | 2026-04-16 | 7.2 HIGH | N/A |
| The pam_console PAM module in Linux systems performs a chown on various devices upon a user login, but an open file descriptor for those devices can be maintained after the user logs out, which allows that user to sniff activity on these devices when subsequent users log in. | |||||
| CVE-2003-1298 | 1 Anyportal Php | 1 Anyportal Php | 2026-04-16 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in siteman.php3 in AnyPortal(php) 12 MAY 00 allow remote attackers to (1) create, (2) delete, (3) save, and (4) upload files by navigating to the root directory and entering a filename beginning with "./.." (dot slash dot dot). | |||||
| CVE-2006-4834 | 1 Phpquiz | 1 Phpquiz | 2026-04-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Jule Slootbeek phpQuiz 0.01 allows remote attackers to execute arbitrary PHP code via a URL in the pagename parameter. | |||||
| CVE-2000-1132 | 1 Dcscripts | 1 Dcforum | 2026-04-16 | 6.4 MEDIUM | N/A |
| DCForum cgforum.cgi CGI script allows remote attackers to read arbitrary files, and delete the program itself, via a malformed "forum" variable. | |||||
| CVE-1999-0086 | 1 Ibm | 1 Aix | 2026-04-16 | 5.0 MEDIUM | N/A |
| AIX routed allows remote users to modify sensitive files. | |||||
| CVE-2001-0805 | 1 Tarantella | 1 Tarantella Enterprise | 2026-04-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ttawebtop.cgi in Tarantella Enterprise 3.00 and 3.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the pg parameter. | |||||
| CVE-2006-4967 | 1 Nextage | 1 Nextage Shopping Cart | 2026-04-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in NextAge Cart allow remote attackers to inject arbitrary web script or HTML via (1) the CatId parameter in a product category action in index.php or (2) the SearchWd parameter in an index search action in index.php. | |||||
| CVE-2004-0260 | 1 Cactusoft | 1 Cactushop Lite | 2026-04-16 | 5.0 MEDIUM | N/A |
| The AddToMailingList function in CactuSoft CactuShop 5.0 Lite contains a backdoor that allows remote attackers to delete arbitrary files via an email address that starts with |||. | |||||
| CVE-2000-0075 | 1 Nosque | 1 Msgcore | 2026-04-16 | 5.0 MEDIUM | N/A |
| Super Mail Transfer Package (SMTP), later called MsgCore, has a memory leak which allows remote attackers to cause a denial of service by repeating multiple HELO, MAIL FROM, RCPT TO, and DATA commands in the same session. | |||||
| CVE-1999-0953 | 1 Matt Wright | 1 Wwwboard | 2026-04-16 | 10.0 HIGH | N/A |
| WWWBoard stores encrypted passwords in a password file that is under the web root and thus accessible by remote attackers. | |||||
| CVE-2000-1195 | 1 Caldera | 2 Openlinux Edesktop, Openlinux Eserver | 2026-04-16 | 7.5 HIGH | N/A |
| telnet daemon (telnetd) from the Linux netkit package before netkit-telnet-0.16 allows remote attackers to bypass authentication when telnetd is running with the -L command line option. | |||||
| CVE-2004-1951 | 1 Xine | 3 Xine, Xine-lib, Xine-ui | 2026-04-16 | 5.0 MEDIUM | N/A |
| xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link. | |||||