Total
29947 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1024 | 1 Addsoft | 1 Storebot | 2026-04-16 | N/A |
| SQL injection vulnerability in MgrLogin.asp in Addsoft StoreBot 2005 Professional allows remote attackers to execute arbitrary SQL commands via the Pwd parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-1026 | 1 Jfacets | 1 Jfacets | 2026-04-16 | N/A |
| JFacets before 0.2 allows remote attackers to gain privileges as any account via a GET request with a modified account profileID. | ||||
| CVE-2004-0969 | 3 Gentoo, Gnu, Ubuntu | 3 Linux, Groff, Ubuntu Linux | 2026-04-16 | N/A |
| The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files. | ||||
| CVE-2005-3261 | 1 Versatilebulletinboard | 1 Versatilebulletinboard | 2026-04-16 | N/A |
| getversions.php in versatileBulletinBoard (vBB) 1.0.0 RC2 lists the versions of all installed scripts, which allows remote attackers to obtain sensitive information via a direct request. | ||||
| CVE-2006-1030 | 1 Joomla | 1 Joomla | 2026-04-16 | N/A |
| Unspecified vulnerability in mod_templatechooser in Joomla! 1.0.7 allows remote attackers to obtain sensitive information via an unspecified attack vector that reveals the path. | ||||
| CVE-2006-2018 | 1 Jelsoft | 1 Vbulletin | 2026-04-16 | N/A |
| SQL injection vulnerability in calendar.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL commands via the eventid parameter. NOTE: the affected version has been disputed by the vendor. It appears that this is the same issue as CVE-2004-0036, which was fixed in 2.3.4. | ||||
| CVE-2005-3268 | 1 Raphael Bossek | 1 Yiff Server | 2026-04-16 | N/A |
| yiff server (yiff-server) 2.14.2 on Debian GNU/Linux runs as root and does not properly verify ownership of files that it opens, which allows local users to read arbitrary files. | ||||
| CVE-2005-3270 | 1 Symantec | 1 Norton Antivirus | 2026-04-16 | N/A |
| Untrusted search path vulnerability in DiskMountNotify for Symantec Norton AntiVirus 9.0.3 allows local users to gain privileges by modifying the PATH to reference a malicious (1) ps or (2) grep file. | ||||
| CVE-2006-1034 | 1 Woltlab | 1 Burning Board | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Woltlab Burning Board (wBB) allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to galerie_index.php and possibly (2) galerie_onfly.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. The second vector might not be XSS. | ||||
| CVE-2006-2019 | 1 Apple | 1 Safari | 2026-04-16 | N/A |
| Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows remote attackers to cause a denial of service (CPU consumption and crash) via a TD element with a large number in the rowspan attribute. | ||||
| CVE-2006-1035 | 1 Oracle | 2 Diagnostics, E-business Suite | 2026-04-16 | N/A |
| Unspecified vulnerability in the Oracle Diagnostics module 2.2 and earlier allows remote attackers to access diagnostics tests via unknown attack vectors. | ||||
| CVE-2002-1083 | 1 Visualshapers | 1 Ezcontents | 2026-04-16 | N/A |
| Directory traversal vulnerabilities in ezContents 1.41 and earlier allow remote attackers to cause ezContents to (1) create directories using the Maintain Images:Add New:Create Subdirectory item, or (2) list directories using the Maintain Images file listing, via .. (dot dot) sequences. | ||||
| CVE-2002-1093 | 1 Cisco | 1 Vpn 3000 Concentrator Series Software | 2026-04-16 | N/A |
| HTML interface for Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before 3.0.3(B) allows remote attackers to cause a denial of service (CPU consumption) via a long URL request. | ||||
| CVE-2005-3284 | 1 Ahnlab | 3 Myv3, V3net, V3pro 2004 | 2026-04-16 | N/A |
| Multiple buffer overflows in AhnLab V3 AntiVirus V3Pro 2004 before 6.0.0.488, V3Net for Windows Server 6.0 before 6.0.0.488, and MyV3, with compressed file scanning enabled, allow remote attackers to execute arbitrary code via crafted (1) ALZ, (2) UUE, or (3) XXE archives. | ||||
| CVE-2005-3286 | 1 Kerio | 2 Personal Firewall, Serverfirewall | 2026-04-16 | N/A |
| The FWDRV driver in Kerio Personal Firewall 4.2 and Server Firewall 1.1.1 allows local users to cause a denial of service (crash) by setting the PAGE_NOACCESS or PAGE_GUARD protection on the Page Environment Block (PEB), which triggers an exception, aka the "PEB lockout vulnerability." | ||||
| CVE-2006-1040 | 1 Jelsoft | 1 Vbulletin | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in vBulletin 3.0.12 and 3.5.3 allows remote attackers to inject arbitrary web script or HTML via the email field, which is injected in profile.php but not sanitized in sendmsg.php. | ||||
| CVE-2002-1095 | 1 Cisco | 3 Secure Access Control Server, Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client | 2026-04-16 | N/A |
| Cisco VPN 3000 Concentrator before 2.5.2(F), with encryption enabled, allows remote attackers to cause a denial of service (reload) via a Windows-based PPTP client with the "No Encryption" option set. | ||||
| CVE-2005-3304 | 1 Francisco Burzi | 1 Php-nuke | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via (1) the username parameter in the Your Account page, (2) the url parameter in the Downloads module, and (3) the description parameter in the Web_Links module. | ||||
| CVE-2006-1046 | 1 Monopd | 1 Monopd | 2026-04-16 | N/A |
| server.cpp in Monopd 0.9.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via a string containing a large number of characters that are escaped when Monopd produces XML output. | ||||
| CVE-2002-1112 | 1 Mantis | 1 Mantis | 2026-04-16 | N/A |
| Mantis before 0.17.4 allows remote attackers to list project bugs without authentication by modifying the cookie that is used by the "View Bugs" page. | ||||