Total
29944 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-1932 | 1 Francisco Burzi | 1 Php-nuke | 2026-04-16 | N/A |
| SQL injection vulnerability in (1) auth.php and (2) admin.php in PHP-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL code and create an administrator account via base64-encoded SQL in the admin parameter. | ||||
| CVE-2006-3900 | 1 Tobias Kloy | 1 Tp-book | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in guestbook.php in TP-Book 1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter. | ||||
| CVE-2004-1961 | 1 Protector System | 1 Protector System | 2026-04-16 | N/A |
| blocker.php in Protector System 1.15b1 allows remote attackers to bypass SQL injection protection and execute limited SQL commands via URL-encoded "'" characters ("%27"). | ||||
| CVE-2006-0178 | 1 Cray | 1 Unicos | 2026-04-16 | N/A |
| Format string vulnerability in /bin/ftp in UNICOS 9.0.2.2 allows local users to have an unknown impact via format string specifiers in the quote command. NOTE: because the program is not setuid and not normally called from remote programs, there may not be a typical attack vector for the issue that crosses privilege boundaries. Therefore this may not be a vulnerability. | ||||
| CVE-2004-1962 | 1 Protector System | 1 Protector System | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in Protector System 1.15b1 allows remote attackers to bypass SQL injection filters by using "/**/" sequences in the targeted fields. | ||||
| CVE-2006-0202 | 1 Paypal | 1 Php Toolkit | 2026-04-16 | N/A |
| Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier has (1) world-readable permissions for ipn/logs/ipn_success.txt, which allows local users to view sensitive information (payment data), and (2) world-writable permissions for ipn/logs, which allows local users to delete or replace payment data. | ||||
| CVE-2004-1990 | 1 Aldo Vargas | 1 Aldos Web Server | 2026-04-16 | N/A |
| Aldo's Web Server (aweb) 1.5 allows remote attackers to gain sensitive information via an arbitrary character, which reveals the full path and the user running the aweb process, possibly due to a malformed request. | ||||
| CVE-2006-3907 | 1 Siemens | 1 Speedstream Wireless Router | 2026-04-16 | N/A |
| Siemens SpeedStream 2624 allows remote attackers to cause a denial of service (device hang) by sending a crafted packet to the web administrative interface. | ||||
| CVE-2004-1993 | 1 Omail | 1 Omail Webmail | 2026-04-16 | N/A |
| The patch to the checklogin function in omail.pl for omail webmail 0.98.5 is incomplete, which allows remote attackers to execute arbitrary commands via shell metacharacters such as "`" (backticks) in the password. | ||||
| CVE-2004-1994 | 1 E-zone Media Inc. | 1 Fusetalk | 2026-04-16 | N/A |
| FuseTalk 4.0 allows remote attackers to ban other users via a direct request to banning.cfm. | ||||
| CVE-2005-3585 | 1 Phpwebthings | 1 Phpwebthings | 2026-04-16 | N/A |
| SQL injection vulnerability in forum.php in PhpWebThings 1.4.4 allows remote attackers to execute arbitrary SQL commands via the forum parameter. | ||||
| CVE-2004-2037 | 1 Mollensoft Software | 1 Lightweight Ftp Server | 2026-04-16 | N/A |
| Buffer overflow in Mollensoft Lightweight FTP Server 3.6 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long CWD command, as demonstrated in one example by using the "cd" command in an interactive FTP client. | ||||
| CVE-2006-0213 | 1 Kolab | 1 Kolab Groupware Server | 2026-04-16 | N/A |
| Kolab Server 2.0.1, 2.0.2 and development versions pre-2.1-20051215 and earlier, when authenticating users via secure SMTP, stores authentication credentials in plaintext in the postfix.log file, which allows local users to gain privileges. | ||||
| CVE-2006-3913 | 1 Freeciv | 1 Freeciv | 2026-04-16 | N/A |
| Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul 2006 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) negative chunk_length or a (2) large chunk->offset value in a PACKET_PLAYER_ATTRIBUTE_CHUNK packet in the generic_handle_player_attribute_chunk function in common/packets.c, and (3) a large packet->length value in the handle_unit_orders function in server/unithand.c. | ||||
| CVE-2004-2053 | 1 Easyins | 1 Easyins | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in index.php in EasyIns Stadtportal 4 allows remote attackers to execute arbitrary PHP code via the site parameter. | ||||
| CVE-2005-3589 | 1 Filezilla | 1 Filezilla Server Terminal | 2026-04-16 | N/A |
| Buffer overflow in FileZilla Server Terminal 0.9.4d may allow remote attackers to cause a denial of service (terminal crash) via a long USER ftp command. | ||||
| CVE-2006-0219 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-04-16 | N/A |
| The original distribution of MyBulletinBoard (MyBB) to update from older versions to 1.0.2 omits or includes older versions of certain critical files, which allows attackers to conduct (1) SQL injection attacks via an attachment name that is not properly handled by inc/functions_upload.php (CVE-2005-4602), and possibly (2) other attacks related to threadmode in usercp.php. | ||||
| CVE-2004-2084 | 1 Jshop E-commerce | 2 Jshop Professional, Jshop Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in JShop E-Commerce Server allows remote attackers to inject arbitrary web script or HTML via the xSearch parameter. | ||||
| CVE-2006-3921 | 1 Sun | 2 Java System Application Server, Java System Web Server | 2026-04-16 | N/A |
| Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files outside of the "document root directory" via a direct request using a UTF-8 encoded URI. | ||||
| CVE-2004-2091 | 1 Microsoft | 1 Baseline Security Analyzer | 2026-04-16 | N/A |
| Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly identify systems that have been patched but remain vulnerable to exploit until the system is rebooted, possibly giving the administrator a false sense of security. | ||||