Total
29925 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-0259 | 1 Instantservers Inc. | 1 Miniportal | 2026-04-16 | N/A |
| InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges. | ||||
| CVE-2002-0293 | 1 Alcatel-lucent | 1 Omnipcx | 2026-04-16 | N/A |
| FTP service in Alcatel OmniPCX 4400 allows the "halt" user to gain root privileges by modifying root's .profile file. | ||||
| CVE-2005-2589 | 1 Linksys | 1 Wrt54gs | 2026-04-16 | N/A |
| Unknown vulnerability in Linksys WRT54GS wireless router with firmware 4.50.6, with WPA Personal/TKIP authentication enabled, allows remote clients to bypass authentication by connecting without using encryption. | ||||
| CVE-2005-2882 | 1 Phpcommunitycalendar | 1 Phpcommunitycalendar | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpCommunityCalendar 4.0.3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the LocationID parameter to (1) thankyou.php or (2) day.php, font parameter to (3) calDaily.php, (4) calMonthly.php, (5) calMonthlyP.php, (6) calWeekly.php, (7) calWeeklyP.php, (8) calYearly.php, (9) calYearlyP.php, (10) day.php, or (11) week.php, or (12) CeTi, (13) Contact, (14) Description, (15) ShowAddress parameter to event.php, and other attack vectors. | ||||
| CVE-2005-3671 | 3 Frees Wan, Openswan, Xelerance | 3 Frees Wan, Openswan, Openswan | 2026-04-16 | N/A |
| The Internet Key Exchange version 1 (IKEv1) implementation in Openswan 2 (openswan-2) before 2.4.4, and freeswan in SUSE LINUX 9.1 before 2.04_1.5.4-1.23, allow remote attackers to cause a denial of service via (1) a crafted packet using 3DES with an invalid key length, or (2) unspecified inputs when Aggressive Mode is enabled and the PSK is known, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | ||||
| CVE-2005-2596 | 1 Gallery Project | 1 Gallery | 2026-04-16 | N/A |
| User.php in Gallery, as used in Postnuke, allows users with any Admin privileges to gain access to all galleries. | ||||
| CVE-2006-3174 | 1 Squirrelmail | 1 Squirrelmail | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter. | ||||
| CVE-2002-0331 | 1 Alcatech Gmbh | 1 Bpm Studio Pro | 2026-04-16 | N/A |
| Directory traversal vulnerability in the HTTP server for BPM Studio Pro 4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request. | ||||
| CVE-2002-0333 | 1 Xtell | 1 Xtell | 2026-04-16 | N/A |
| Directory traversal vulnerability in xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows remote attackers to read files with short names, and local users to read more files using a symlink with a short name, via a .. in the TTY argument. | ||||
| CVE-2005-2609 | 1 Vegadns | 1 Vegadns | 2026-04-16 | N/A |
| index.php in VegaDNS 0.8.1, 0.9.8, and possibly other versions, allows remote attackers to obtain the full server path via an invalid VDNS_Sessid parameter. | ||||
| CVE-2002-0375 | 1 Ecometry | 1 Sgdynamo | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows remote attackers to execute arbitrary Javascript via a URL with the script in the HTNAME parameter. | ||||
| CVE-2005-2633 | 1 Phptb | 1 Topic Boards | 2026-04-16 | N/A |
| Multiple PHP file inclusion vulnerabilities in (1) admin_o.php, (2) board_o.php, (3) dev_o.php, (4) file_o.php or (5) tech_o.php in PHPTB Topic Board 2.0 and earlier allow remote attackers to execute arbitrary PHP code via the absolutepath parameter. | ||||
| CVE-2005-2898 | 1 Filezilla | 1 Filezilla | 2026-04-16 | N/A |
| NOTE: this issue has been disputed by the vendor. FileZilla 2.2.14b and 2.2.15, and possibly earlier versions, when "Use secure mode" is disabled, uses a weak encryption scheme to store the user's password in the configuration settings file, which allows local users to obtain sensitive information. NOTE: the vendor has disputed the issue, stating that "the problem is not a vulnerability at all, but in fact a fundamental issue of every single program that can store passwords transparently. | ||||
| CVE-2002-0445 | 1 Php Firstpost | 1 Php Firstpost | 2026-04-16 | N/A |
| article.php in PHP FirstPost 0.1 allows allows remote attackers to obtain the full pathname of the server via an invalid post number in the post parameter, which leaks the pathname in an error message. | ||||
| CVE-2002-0449 | 1 Talentsoft | 1 Web\+ Server | 2026-04-16 | N/A |
| Buffer overflow in webpsvc.exe for Talentsoft Web+ 5.0 and earlier allows remote attackers to execute arbitrary code via a long argument to webplus.exe program, which triggers the overflow in webpsvc.exe. | ||||
| CVE-2005-2912 | 1 Linksys | 1 Wrt54g | 2026-04-16 | N/A |
| Linksys WRT54G router allows remote attackers to cause a denial of service (CPU consumption and server hang) via an HTTP POST request with a negative Content-Length value. | ||||
| CVE-2005-3681 | 1 Xoops | 1 Wf-downloads | 2026-04-16 | N/A |
| SQL injection vulnerability in viewcat.php in XOOPS WF-Downloads module 2.05 allows remote attackers to execute arbitrary SQL commands via the list parameter. | ||||
| CVE-2002-0447 | 1 Xerver | 1 Xerver | 2026-04-16 | N/A |
| Directory traversal vulnerability in Xerver Free Web Server 2.10 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in an HTTP GET request. | ||||
| CVE-2002-0446 | 1 Black Tie Project | 1 Black Tie Project | 2026-04-16 | N/A |
| categorie.php3 in Black Tie Project (BTP) 0.4b through 0.5b allows remote attackers to determine the absolute path of the web server via an invalid category ID (cid) parameter, which leaks the pathname in an error message. | ||||
| CVE-2005-2657 | 1 Common-lisp-controller | 1 Common-lisp-controller | 2026-04-16 | N/A |
| Unknown vulnerability in common-lisp-controller 4.18 and earlier allows local users to gain privileges by compiling arbitrary code in the cache directory, which is executed by another user if the user has not run Common Lisp before. | ||||