Total
345064 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0754 | 5 Conectiva, Gentoo, Kde and 2 more | 6 Linux, Linux, Kde and 3 more | 2026-04-16 | 7.5 HIGH | N/A |
| Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code. | |||||
| CVE-1999-0789 | 1 Ibm | 1 Aix | 2026-04-16 | 10.0 HIGH | N/A |
| Buffer overflow in AIX ftpd in the libc library. | |||||
| CVE-2005-2416 | 1 Astalavista It Engineering | 1 Contrexx | 2026-04-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Contrexx before 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) term parameter to the search module or (2) title in the blog aggregation module. | |||||
| CVE-2006-1196 | 1 David Barrett | 1 Qwikiwiki | 2026-04-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in QwikiWiki 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) from and (2) help parameters to (a) index.php; (3) action, (4) page, (5) debug, (6) help, (7) username, or (8) password parameters to (b) login.php; the (7) help parameter to (c) pageindex.php; or (8) help parameter to (d) recentchanges.php. | |||||
| CVE-2006-3362 | 2 Geeklog, Toenda Software Development | 2 Geeklog, Toendacms | 2026-04-16 | 5.1 MEDIUM | N/A |
| Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip. | |||||
| CVE-1999-0076 | 1 Washington University | 1 Wu-ftpd | 2026-04-16 | 5.0 MEDIUM | N/A |
| Buffer overflow in wu-ftp from PASV command causes a core dump. | |||||
| CVE-2003-1192 | 1 Truenorth Software | 1 Ia Webmail Server | 2026-04-16 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote attackers to execute arbitrary code via a long GET request. | |||||
| CVE-2006-1118 | 1 Bmail | 1 Bmail | 2026-04-16 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in bmail before Aardvark PR9.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving GBK character sets. | |||||
| CVE-2004-2105 | 1 Novell | 1 Netware | 2026-04-16 | 5.0 MEDIUM | N/A |
| The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to read arbitrary .htt files via a full pathname in the error parameter. | |||||
| CVE-2004-0713 | 1 Bea | 1 Weblogic Server | 2026-04-16 | 6.4 MEDIUM | N/A |
| The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLogic Server and WebLogic Express version 8.1 through SP2, 7.0 through SP4, and 6.1 through SP6, does not properly check EJB permissions before unexporting a bean, which allows remote authenticated users to remove EJB objects from remote views before the security exception is thrown. | |||||
| CVE-2005-0495 | 1 Zeroboard | 1 Zeroboard | 2026-04-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ZeroBoard allows remote attackers to inject arbitrary web script or HTML via the (1) sn1, (2) year, or (3) page parameter to zboard.php or (4) filename to view_image.php. | |||||
| CVE-2002-0364 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | 7.5 HIGH | N/A |
| Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise." | |||||
| CVE-1999-0453 | 1 Cisco | 1 Router | 2026-04-16 | 5.0 MEDIUM | N/A |
| An attacker can identify a CISCO device by sending a SYN packet to port 1999, which is for the Cisco Discovery Protocol (CDP). | |||||
| CVE-2006-4629 | 1 C-news.fr | 1 C-news | 2026-04-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in affichage/commentaires.php in C-News.fr C-News 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | |||||
| CVE-2005-1822 | 1 Qualiteam | 1 X-cart | 2026-04-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) printable parameter to home.php, (3) productid or (4) mode parameter to product.php, (5) id parameter to error_message.php, (6) section parameter to help.php, (7) mode parameter to orders.php, (8) mode parameter to register.php, (9) mode parameter to search.php, or the (10) gcid or (11) gcindex parameter to giftcert.php. | |||||
| CVE-2006-0064 | 1 Devellion | 1 Cubecart | 2026-04-16 | 7.5 HIGH | N/A |
| PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote attackers to execute arbitrary PHP code via a URL in the glob[rootDir] parameter. | |||||
| CVE-2002-1804 | 1 Npds | 1 Npds | 2026-04-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in NPDS 4.8 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag. | |||||
| CVE-2002-0452 | 1 Foundrynet | 1 Serveriron | 2026-04-16 | 7.5 HIGH | N/A |
| Foundry Networks ServerIron switches do not decode URIs when applying "url-map" rules, which could make it easier for attackers to cause the switch to forward traffic to a different server than intended and exploit vulnerabilities that would otherwise be inaccessible. | |||||
| CVE-2005-4684 | 1 Kde | 1 Konqueror | 2026-04-16 | 6.4 MEDIUM | N/A |
| Konqueror can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site. | |||||
| CVE-2002-0068 | 2 Redhat, Squid | 2 Linux, Squid | 2026-04-16 | 7.5 HIGH | N/A |
| Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters. | |||||