Total
29841 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4078 | 1 Deluxebb | 1 Deluxebb | 2026-04-16 | 7.5 HIGH | N/A |
| pm.php (aka the PM system) in DeluxeBB 1.08, and possibly earlier, allows remote attackers to bypass authentication by providing an arbitrary username in the membercookie cookie parameter. | |||||
| CVE-1999-1173 | 1 Corel | 1 Wordperfect | 2026-04-16 | 2.1 LOW | N/A |
| Corel Word Perfect 8 for Linux creates a temporary working directory with world-writable permissions, which allows local users to (1) modify Word Perfect behavior by modifying files in the working directory, or (2) modify files of other users via a symlink attack. | |||||
| CVE-2005-1882 | 1 Yapig | 1 Yapig | 2026-04-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in last_gallery.php in YaPiG 0.93u and 0.94u allows remote attackers to execute arbitrary PHP code via the YAPIG_PATH parameter. | |||||
| CVE-2005-4038 | 1 Web4future | 1 Portal Solutions | 2026-04-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comentarii.php in Web4Future Portal Solutions News Portal allows remote attackers to execute arbitrary SQL commands via the idp parameter. | |||||
| CVE-2003-0557 | 1 Lagarde | 1 Storefront | 2026-04-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp for StoreFront 6.0, and possibly earlier versions, allows remote attackers to obtain sensitive user information via SQL statements in the password field. | |||||
| CVE-2001-0140 | 3 Immunix, Mandrakesoft, Redhat | 3 Immunix, Mandrake Linux, Linux | 2026-04-16 | 1.2 LOW | N/A |
| arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations. | |||||
| CVE-2006-4032 | 1 Cisco | 1 Callmanager Express | 2026-04-16 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Cisco IOS CallManager Express (CME) allows remote attackers to gain sensitive information (user names) from the Session Initiation Protocol (SIP) user directory via certain SIP messages, aka bug CSCse92417. | |||||
| CVE-2002-0577 | 1 Hp | 1 Hp-ux | 2026-04-16 | 2.1 LOW | N/A |
| Vulnerability in passwd for HP-UX 11.00 and 11.11 allows local users to corrupt the password file and cause a denial of service. | |||||
| CVE-2004-2005 | 1 Qualcomm | 1 Eudora | 2026-04-16 | 5.1 MEDIUM | N/A |
| Buffer overflow in Eudora for Windows 5.2.1, 6.0.3, and 6.1 allows remote attackers to execute arbitrary code via an e-mail with (1) a link to a long URL to the C drive or (2) a long attachment name. | |||||
| CVE-2002-1848 | 1 Tightvnc | 1 Tightvnc | 2026-04-16 | 2.1 LOW | N/A |
| TightVNC before 1.2.4 running on Windows stores unencrypted passwords in the password text control of the WinVNC Properties dialog, which could allow local users to access passwords. | |||||
| CVE-2005-1202 | 1 Egroupware | 1 Egroupware | 2026-04-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in eGroupware before 1.0.0.007 allow remote attackers to inject arbitrary web script or HTML via the (1) ab_id, (2) page, (3) type, or (4) lang parameter to index.php or (5) category_id parameter. | |||||
| CVE-2002-1352 | 1 Per Magne Knutsen | 1 Cartman | 2026-04-16 | 5.0 MEDIUM | N/A |
| Per Magne Knutsen's CartMan shopping cart (cartman.php) 1.04 and earlier allows remote attackers to modify product prices by changing the price parameter. | |||||
| CVE-2005-0684 | 1 Mysql | 1 Maxdb | 2026-04-16 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long file parameter after a percent ("%") sign or (2) a long Lock-Token string to the WebDAV functionality, which is not properly handled by the getLockTokenHeader function in WDVHandler_CommonUtils.c. | |||||
| CVE-2002-0451 | 1 Phpprojekt | 1 Phpprojekt | 2026-04-16 | 7.5 HIGH | N/A |
| filemanager_forms.php in PHProjekt 3.1 and 3.1a allows remote attackers to execute arbitrary PHP code by specifying the URL to the code in the lib_path parameter. | |||||
| CVE-2006-3457 | 1 Symantec | 2 On-demand Agent, On-demand Protection | 2026-04-16 | 2.1 LOW | N/A |
| Symantec On-Demand Agent (SODA) before 2.5 MR2 Build 2157, and the Virtual Desktop module in Symantec On-Demand Protection (SODP) before 2.6 Build 2233, do not properly encrypt files that are subject to policy-based automatic encryption, which might allow local users to read sensitive data via an unspecified decryption method. | |||||
| CVE-2005-2850 | 1 Whitsoft Development | 1 Slimftpd | 2026-04-16 | 5.0 MEDIUM | N/A |
| SlimFTPd 3.17 allows remote attackers to cause a denial of service (crash) via certain (1) USER and (2) PASS commands, possibly due to a buffer overflow or off-by-one error. | |||||
| CVE-2006-3763 | 1 Dieselscripts | 1 Diesel Joke Site | 2026-04-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in category.php in Diesel Joke Site allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-1999-0890 | 1 Ihtml Merchant | 1 Ihtml Merchant | 2026-04-16 | 7.5 HIGH | N/A |
| iHTML Merchant allows remote attackers to obtain sensitive information or execute commands via a code parsing error. | |||||
| CVE-2003-1238 | 1 Nuked-klan | 1 Nuked-klan | 2026-04-16 | 5.8 MEDIUM | N/A |
| Cross-site scripting vulnerability (XSS) in Nuked-Klan 1.3 beta and earlier allows remote attackers to steal authentication information via cookies by injecting arbitrary HTML or script into op of the (1) Team, (2) News, and (3) Liens modules. | |||||
| CVE-2006-3217 | 1 Jaguarsoft | 1 Jaguaredit | 2026-04-16 | 2.6 LOW | N/A |
| JaguarEditControl (JEdit) ActiveX Control 1.1.0.20 and earlier allows remote attackers to obtain sensitive information, such as the username and MAC and IP addresses, by setting the test field to certain values such as 2404 or 2790, then reading the information from the .JText field. | |||||