Total
29947 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4880 | 1 David Bennett | 1 Php-post | 2026-04-16 | N/A |
| David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to obtain sensitive information via a direct request for (1) footer.php, (2) template.php, or (3) lastvisit.php, which reveals the installation path in various error messages. | ||||
| CVE-2002-0961 | 1 Voxel | 1 Cbms | 2026-04-16 | N/A |
| Vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allow remote attackers to conduct unauthorized operations as other users, e.g. by deleting clients via dltclnt.php, possibly in a SQL injection attack. | ||||
| CVE-2003-0432 | 2 Ethereal Group, Redhat | 3 Ethereal, Enterprise Linux, Linux | 2026-04-16 | N/A |
| Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors. | ||||
| CVE-2006-4969 | 1 Wahm E-commerce | 1 Pie Cart Pro | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in WAHM E-Commerce Pie Cart Pro allow remote attackers to execute arbitrary PHP code via a URL in the Inc_Dir parameter in (1) affiliates.php, (2) orders.php, (3) events.php, (4) index.php, (5) articles.php, (6) faqs.php, (7) guestbook.php, (8) catalog.php, (9) wholesale.php, (10) weblinks.php, (11) certificates.php, (12) sitesearch.php, (13) contact.php, (14) sitemap.php, (15) search.php, (16) registry.php, or (17) error.php. | ||||
| CVE-2001-1072 | 1 Apache | 1 Http Server | 2026-04-16 | N/A |
| Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail. | ||||
| CVE-2006-1372 | 1 Benson It Solutions | 1 1webcalendar | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in 1WebCalendar 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) EventID parameter in viewEvent.cfm, (2) NewsID parameter in newsView.cfm, or (3) ThisDate parameter in mainCal.cfm. | ||||
| CVE-2006-4989 | 1 Patrick Michaelis | 1 Wili-cms | 2026-04-16 | N/A |
| Patrick Michaelis Wili-CMS allows remote attackers to obtain sensitive information via a direct request for (1) thumbnail.php, (2) functions/admin/all.php, (3) functions/admin/init_session.php, (4) functions/all.php, and (5) certain files in example-view/admin_templates/, which reveals the path in various error messages. | ||||
| CVE-2006-1377 | 2 Comoblog Project, Easymoblog | 2 Comoblog, Easymoblog | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in img.php in (1) EasyMoblog 0.5.1 and (2) CoMoblog 1.1 allows remote attackers to inject arbitrary web script or HTML via the i parameter. | ||||
| CVE-2000-0297 | 1 Allaire | 1 Forums | 2026-04-16 | N/A |
| Allaire Forums 2.0.5 allows remote attackers to bypass access restrictions to secure conferences via the rightAccessAllForums or rightModerateAllForums variables. | ||||
| CVE-2003-0574 | 1 Sgi | 1 Irix | 2026-04-16 | N/A |
| Unknown vulnerability in SGI IRIX 6.5.x through 6.5.20, and possibly earlier versions, allows local users to cause a core dump in scheme and possibly gain privileges via certain environment variables, a different vulnerability than CVE-2001-0797 and CVE-1999-0028. | ||||
| CVE-2000-0353 | 1 University Of Washington | 1 Pine | 2026-04-16 | N/A |
| Pine 4.x allows a remote attacker to execute arbitrary commands via an index.html file which executes lynx and obtains a uudecoded file from a malicious web server, which is then executed by Pine. | ||||
| CVE-2000-0403 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | N/A |
| The CIFS Computer Browser service on Windows NT 4.0 allows a remote attacker to cause a denial of service by sending a large number of host announcement requests to the master browse tables, aka the "HostAnnouncement Flooding" or "HostAnnouncement Frame" vulnerability. | ||||
| CVE-2001-1083 | 2 Icecast, Redhat | 2 Icecast, Powertools | 2026-04-16 | N/A |
| Icecast 1.3.7, and other versions before 1.3.11 with HTTP server file streaming support enabled allows remote attackers to cause a denial of service (crash) via a URL that ends in . (dot), / (forward slash), or \ (backward slash). | ||||
| CVE-2003-0613 | 1 Zblast | 1 Zblast | 2026-04-16 | N/A |
| Buffer overflow in zblast-svgalib of zblast 1.2.1 and earlier allows local users to execute arbitrary code via the high score file. | ||||
| CVE-2003-0616 | 1 Mcafee | 1 Epolicy Orchestrator | 2026-04-16 | N/A |
| Format string vulnerability in ePO service for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request with format strings in the computerlist parameter, which are used when logging a failed name resolution. | ||||
| CVE-2006-1384 | 1 Ibm | 1 Tivoli Business Systems Manager | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in apwc_win_main.jsp in the web console in IBM Tivoli Business Systems Manager (TBSM) before 3.1.0.1 allows remote attackers to inject arbitrary web script or HTML via the skin parameter. | ||||
| CVE-2001-1088 | 1 Microsoft | 2 Outlook, Outlook Express | 2026-04-16 | N/A |
| Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user. | ||||
| CVE-2000-0417 | 1 Cayman | 2 3220-h Dsl Router, Gatorsurf | 2026-04-16 | N/A |
| The HTTP administration interface to the Cayman 3220-H DSL router allows remote attackers to cause a denial of service via a long username or password. | ||||
| CVE-2003-0634 | 1 Oracle | 2 Oracle8i, Oracle9i | 2026-04-16 | N/A |
| Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name. | ||||
| CVE-2001-1095 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| Buffer overflow in uuq in AIX 4 could allow local users to execute arbitrary code via a long -r parameter. | ||||