Total
29944 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-4226 | 1 Phpwebthings | 1 Phpwebthings | 2026-04-16 | N/A |
| Multiple "potential" SQL injection vulnerabilities in phpWebThings 1.4 Patched might allow remote attackers to execute arbitrary SQL commands via (1) the ref parameter in download.php, (2) the direction, msg, sforum, reason, subname, and toform parameters in forum.php, (3) the msg and forum parameters in forum_edit.php, (4) the msg and forum parameters in forum_write.php, (5) the tekst parameter in guestbook.php, (6) the menuoption parameter in index.php, and the (7) sel_avatar parameter in myaccount.php. NOTE: the forum.php/forum vector is already identified by CVE-2005-3585. | ||||
| CVE-1999-0960 | 1 Sgi | 1 Irix | 2026-04-16 | N/A |
| IRIX cdplayer allows local users to create directories in arbitrary locations via a command line option. | ||||
| CVE-2005-2247 | 1 Moodle | 1 Moodle | 2026-04-16 | N/A |
| Multiple unknown vulnerabilities in Moodle before 1.5.1 have unknown impact and attack vectors. | ||||
| CVE-2005-2249 | 1 Jinzora | 1 Jinzora | 2026-04-16 | N/A |
| Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact and attack vectors, possibly involving a PHP file inclusion vulnerability. | ||||
| CVE-1999-0961 | 1 Hp | 1 Hp-ux | 2026-04-16 | N/A |
| HPUX sysdiag allows local users to gain root privileges via a symlink attack during log file creation. | ||||
| CVE-2004-1661 | 1 Sitecubed | 1 Mailworks Professional | 2026-04-16 | N/A |
| MailWorks Professional allows remote attackers to bypass authentication and gain privileges via a cookie that contains "auth=1" and "uId=1." | ||||
| CVE-2005-4240 | 1 Vcd-db | 1 Vcd-db | 2026-04-16 | N/A |
| SQL injection vulnerability in search.php in VCD-db 0.98 and earlier allows remote attackers to execute arbitrary SQL commands via the by parameter. | ||||
| CVE-2005-2374 | 1 Belkin | 1 Belkin 54g Wireless Router | 2026-04-16 | N/A |
| Belkin 54g wireless routers do not properly set an administrative password, which allows remote attackers to gain access via the (1) Telnet or (2) web administration interfaces. | ||||
| CVE-1999-0970 | 1 Omnicron | 1 Omnihttpd | 2026-04-16 | N/A |
| The OmniHTTPD visadmin.exe program allows a remote attacker to conduct a denial of service via a malformed URL which causes a large number of temporary files to be created. | ||||
| CVE-2005-2376 | 1 Codemasters | 1 Toca Race Driver | 2026-04-16 | N/A |
| Buffer overflow in Race Driver 1.20 and earlier allows remote attackers to cause a denial of service (application crash) via a long (1) nickname or (2) chat message. | ||||
| CVE-2005-2521 | 1 Apple | 1 Mac Os X | 2026-04-16 | N/A |
| Buffer overflow in traceroute in Mac OS X 10.3.9 allows local users to execute arbitrary code via unknown vectors. | ||||
| CVE-1999-0978 | 1 Debian | 1 Debian Linux | 2026-04-16 | N/A |
| htdig allows remote attackers to execute commands via filenames with shell metacharacters. | ||||
| CVE-2005-4288 | 1 Marmaraweb | 1 Marmaraweb E-commerce | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in MarmaraWeb E-commerce allows remote attackers to inject arbitrary web script or HTML via the page parameter to index.php. NOTE: this might be resultant from CVE-2005-4287. | ||||
| CVE-2006-4560 | 1 Microsoft | 1 Ie | 2026-04-16 | N/A |
| Internet Explorer 6 on Windows XP SP2 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running. | ||||
| CVE-2004-1666 | 1 Cerulean Studios | 1 Trillian | 2026-04-16 | N/A |
| Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN servers to execute arbitrary code via a long string that ends in a newline character. | ||||
| CVE-2005-1346 | 1 Symantec | 7 Antivirus Scan Engine, Mail Security, Norton Antivirus and 4 more | 2026-04-16 | N/A |
| Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 11.0.0, Web Security Web Security 3.0.1.72, Mail Security for SMTP 4.0.5.66, AntiVirus Scan Engine 4.3.7.27, SAV/Filter for Domino NT 3.1.1.87, and Mail Security for Exchange 4.5.4.743, when running on Windows, allows remote attackers to cause a denial of service (component crash) and avoid detection via a crafted RAR file. | ||||
| CVE-2005-2472 | 1 Netcplus | 1 Businessmail | 2026-04-16 | N/A |
| Multiple buffer overflows in BusinessMail 4.60.00 allow remote attackers to cause a denial of service (application crash) via a long string to SMTP (1) HELO or (2) MAIL FROM commands. | ||||
| CVE-2004-1670 | 2 Icewarp, Merak | 2 Web Mail, Mail Server | 2026-04-16 | N/A |
| Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7, and possibly other versions, allow remote attackers to (1) create arbitrary directories via a .. (dot dot) in the user parameter to viewaction.html or (2) rename arbitrary files via a ....// (doubled dot dot) in the folderold or folder parameters to folders.html. | ||||
| CVE-2004-1672 | 1 Icewarp | 1 Web Mail | 2026-04-16 | N/A |
| attachment.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to view other users' attachments by specifying the username and message ID in an HTTP request. | ||||
| CVE-2005-1348 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2026-04-16 | N/A |
| Buffer overflow in HTTPMail in MailEnable Enterprise 1.04 and earlier and Professional 1.54 and earlier allows remote attackers to execute arbitrary code via a long HTTP Authorization header. | ||||