Total
345178 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4771 | 1 Trust Digital | 1 Trusted Mobility Suite | 2026-04-16 | 4.6 MEDIUM | N/A |
| Trusted Mobility Agent PC Policy in Trust Digital Trusted Mobility Suite provides a cancel button that bypasses the domain-authentication prompt, which allows local users to sync a handheld (PDA) device despite a policy setting that sync is unauthorized. | |||||
| CVE-2006-1249 | 1 Apple | 2 Itunes, Quicktime | 2026-04-16 | 6.8 MEDIUM | N/A |
| Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes 6.0.1 and 6.0.2 allows remote attackers to execute arbitrary code via a FlashPix (FPX) image that contains a field that specifies a large number of blocks. | |||||
| CVE-2005-1930 | 1 Trend Micro | 1 Serverprotect | 2026-04-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Crystal Report component (rptserver.asp) in Trend Micro ServerProtect Management Console 5.58, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, and possibly earlier versions, allows remote attackers to read arbitrary files via the IMAGE parameter. | |||||
| CVE-2004-1061 | 1 Mozilla | 1 Bugzilla | 2026-04-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Bugzilla before 2.18, including 2.16.x before 2.16.11, allows remote attackers to inject arbitrary HTML and web script via forced error messages, as demonstrated using the action parameter. | |||||
| CVE-2006-4872 | 1 Keyvan1 | 1 Ecardpro | 2026-04-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.asp in Keyvan1 (aka Keyvan Janghorbani) ECardPro 2.0 allows remote attackers to execute arbitrary SQL commands via the keyword parameter. | |||||
| CVE-2006-2191 | 1 Gnu | 1 Mailman | 2026-04-16 | 7.5 HIGH | N/A |
| Format string vulnerability in Mailman before 2.1.9 allows attackers to execute arbitrary code via unspecified vectors. NOTE: the vendor has disputed this vulnerability, stating that it is "unexploitable. | |||||
| CVE-2006-2552 | 1 Jemscripts | 1 Downloadcontrol | 2026-04-16 | 5.0 MEDIUM | N/A |
| Jemscripts DownloadControl 1.0 allows remote attackers to obtain sensitive information via an invalid dcid parameter to dc.php, which leaks the pathname in an error message. NOTE: this was originally claimed to be SQL injection, but it is probably resultant from another issue in functions.php. | |||||
| CVE-2006-0446 | 1 Webwork | 1 Webwork | 2026-04-16 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in WeBWorK 2.1.3 and 2.2-pre1 allows remote privileged attackers to execute arbitrary commands as the web server via unknown attack vectors. | |||||
| CVE-2005-0465 | 1 Sgi | 1 Irix | 2026-04-16 | 2.1 LOW | N/A |
| gr_osview in SGI IRIX does not drop privileges before opening files, which allows local users to overwrite arbitrary files via the -s option. | |||||
| CVE-2005-4229 | 1 Everyauction | 1 Everyauction | 2026-04-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in auction.pl in EveryAuction 1.53 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter. NOTE: the provenance of this issue is unknown; the details were obtained solely from third party sources and independently verified using source code inspection. | |||||
| CVE-2002-2185 | 6 Debian, Mandrakesoft, Microsoft and 3 more | 11 Debian Linux, Mandrake Linux, Windows 98 and 8 more | 2026-04-16 | 4.9 MEDIUM | N/A |
| The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network. | |||||
| CVE-2005-2070 | 1 Sendmail | 1 Sendmail | 2026-04-16 | 5.0 MEDIUM | N/A |
| The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used in Sendmail using long timeouts, allows remote attackers to cause a denial of service by keeping an open connection, which prevents ClamAV from reloading. | |||||
| CVE-2006-1413 | 1 Htmljunction | 1 Ezhomepagepro | 2026-04-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EZHomepagePro 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) adid or (2) aname parameter in (a) common/email.asp, (b) users/users_search.asp, or (c) users/users_profiles.asp; (3) page parameter in (d) users/users_calendar.asp; (4) usid parameter in (e) users/users_mgallery.asp; or (5) m parameter in (f) users/users_search.asp. | |||||
| CVE-2005-1842 | 1 Adobe | 1 Version Cue | 2026-04-16 | 2.1 LOW | N/A |
| VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative Suite 1.0 and 1.3, and when running on Mac OS X with Version Cue Workspace, creates temporary log files with predictable names, which allows local users to modify arbitrary files via a symlink attack. | |||||
| CVE-2006-1826 | 1 Snipegallery | 1 Snipe Gallery | 2026-04-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Snipe Gallery 3.1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gallery_id parameter in view.php, (2) keyword parameter in search.php, and (3) image_id parameter in image.php. NOTE: it is possible that vectors 1 and 3 are resultant from SQL injection. | |||||
| CVE-2006-0198 | 1 Xoops | 1 Xoops Pool Module | 2026-04-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in a certain module, possibly poll or Pool, for XOOPS allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element in a comment. | |||||
| CVE-2005-1836 | 1 Nextweb | 1 Nextweb \(i\)site | 2026-04-16 | 5.0 MEDIUM | N/A |
| NEXTWEB (i)Site allows remote attackers to cause a denial of service (error 500) via a crafted HTTP request, possibly involving wildcard requests for .jsp files. | |||||
| CVE-2005-2331 | 1 Moosegallery | 1 Moosegallery | 2026-04-16 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in display.php in MooseGallery allows remote attackers to execute arbitrary PHP code via the type parameter. | |||||
| CVE-2006-1940 | 1 Ethereal Group | 1 Ethereal | 2026-04-16 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Ethereal 0.10.4 up to 0.10.14 allows remote attackers to cause a denial of service (abort) via the SNDCP dissector. | |||||
| CVE-2001-1570 | 1 Microsoft | 1 Windows Xp | 2026-04-16 | 2.1 LOW | N/A |
| Windows XP with fast user switching and account lockout enabled allows local users to deny user account access by setting the fast user switch to the same user (self) multiple times, which causes other accounts to be locked out. | |||||