Total
346071 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0151 | 1 Xintercepttalk | 1 Xitalk | 2026-04-16 | 7.2 HIGH | N/A |
| Unknown vulnerability in xitalk 1.1.11 and earlier allows local users to execute arbitrary commands. | |||||
| CVE-2004-2004 | 1 Suse | 1 Suse Linux | 2026-04-16 | 10.0 HIGH | N/A |
| The Live CD in SUSE LINUX 9.1 Personal edition is configured without a password for root, which allows remote attackers to gain privileges via SSH. | |||||
| CVE-2004-2749 | 1 2wire | 1 Homeportal | 2026-04-16 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in wra/public/wralogin in 2Wire Gateway, possibly as used in HomePortal and other product lines, allows remote attackers to read arbitrary files via a .. (dot dot) in the return parameter. NOTE: this issue was reported as XSS, but this might be a terminology error. | |||||
| CVE-2000-1198 | 1 Qualcomm | 1 Qpopper | 2026-04-16 | 2.1 LOW | 5.5 MEDIUM |
| qpopper POP server creates lock files with predictable names, which allows local users to cause a denial of service for other users (lack of mail access) by creating lock files for other mail boxes. | |||||
| CVE-2006-0513 | 1 Ibm | 1 Tivoli Access Manager For E-business | 2026-04-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in pkmslogout in Tivoli Web Server Plug-in 5.1.0.10 in Tivoli Access Manager (TAM) 5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | |||||
| CVE-2004-1294 | 1 Luke Mewburn | 1 Tnftp | 2026-04-16 | 5.0 MEDIUM | N/A |
| The mget function in cmds.c for tnftp 20030825 allows remote FTP servers to overwrite arbitrary files via FTP responses containing file names with / (slash) characters. | |||||
| CVE-2006-0049 | 1 Gnu | 1 Privacy Guard | 2026-04-16 | 5.0 MEDIUM | N/A |
| gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455. | |||||
| CVE-2005-2790 | 1 Bfcommand And Control Software | 2 Bfcc, Bfvcc | 2026-04-16 | 7.5 HIGH | N/A |
| BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, relies on the client to enforce permissions and perform actions such as disconnections, which allows remote attackers to bypass administrative restrictions via a modified client. | |||||
| CVE-2001-0313 | 1 Borderware | 1 Firewall Server | 2026-04-16 | 5.0 MEDIUM | N/A |
| Borderware Firewall Server 6.1.2 allows remote attackers to cause a denial of service via a ping to the broadcast address of the public network on which the server is placed, which causes the server to continuously send pings (echo requests) to the network. | |||||
| CVE-2006-0502 | 1 Farsinews | 1 Farsinews | 2026-04-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in loginout.php in FarsiNews 2.1 Beta 2 and earlier, with register_globals enabled, allows remote attackers to include arbitrary files via a URL in the cutepath parameter. | |||||
| CVE-2005-0378 | 1 Horde | 1 Horde | 2026-04-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php. | |||||
| CVE-2005-3911 | 1 Bosdev | 1 Bosdates | 2026-04-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in calendar.php in BosDates 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year and (2) category parameters. | |||||
| CVE-2006-0180 | 1 Calogic | 1 Calogic Calendars | 2026-04-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the Title field on the "Adding New Event" page, and possibly other vectors, involving iframe tags. | |||||
| CVE-2006-3722 | 1 Oracle | 1 Peoplesoft Enterprise | 2026-04-16 | 10.0 HIGH | N/A |
| Unspecified vulnerability in PeopleSoft Enterprise Portal for Oracle PeopleSoft Enterprise Portal 8.4 Bundle #16, 8.8 Bundle #10, and 8.9 Bundle #3 has unknown impact and attack vectors, aka Oracle Vuln# PSE01. | |||||
| CVE-2005-1853 | 1 University Of Minnesota | 1 Gopher | 2026-04-16 | 7.2 HIGH | N/A |
| gopher.c in the Gopher client 3.0.5 does not properly create temporary files, which allows local users to gain privileges. | |||||
| CVE-2004-1541 | 1 Van Dyke Technologies | 1 Securecrt | 2026-04-16 | 7.5 HIGH | N/A |
| SecureCRT 4.0, 4.1, and possibly other versions, allows remote attackers to execute arbitrary commands via a telnet:// URL that uses the /F option to specify a configuration file on a samba share. | |||||
| CVE-2003-0437 | 1 Mnogosearch | 1 Mnogosearch | 2026-04-16 | 7.5 HIGH | N/A |
| Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote attackers to execute arbitrary code via a long tmplt parameter. | |||||
| CVE-2005-2461 | 1 Kayako | 1 Liveresponse | 2026-04-16 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the calendar feature in Kayako liveResponse 2.x allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) date parameter. | |||||
| CVE-2002-1019 | 1 Adobe | 1 Adobe Content Server | 2026-04-16 | 5.0 MEDIUM | N/A |
| The library feature for Adobe Content Server 3.0 allows a remote attacker to check out an eBook for an arbitrary length of time via a modified loanMin parameter to download.asp. | |||||
| CVE-2005-4852 | 1 Ez | 1 Ez Publish | 2026-04-16 | 5.0 MEDIUM | N/A |
| The siteaccess URIMatching implementation in eZ publish 3.5 through 3.8 before 20050812 converts all non-alphanumeric characters in a URI to '_' (underscore), which allows remote attackers to bypass access restrictions by inserting certain characters in a URI, as demonstrated by a request for /admin:de, which matches a rule allowing only /admin_de to access /admin. | |||||