Total
29947 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-4257 | 1 Linksys | 4 Befw11s4, Befw11s4 V3, Befw11s4 V4 and 1 more | 2026-04-16 | N/A |
| Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID. | ||||
| CVE-2006-1325 | 1 Streber | 1 Streber | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Streber 0.055 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | ||||
| CVE-2002-1757 | 1 Phprojekt | 1 Phprojekt | 2026-04-16 | N/A |
| PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for authentication, which allows remote attackers to bypass authentication for scripts via a request to a .php file with "sms" in the URL, which is included in the PATH_INFO portion of the $PHP_SELF variable, as demonstrated using "mail_send.php/sms". | ||||
| CVE-2004-2511 | 1 Codeworx Technologies | 1 Dcp-portal | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the year, (2) month, and (3) day parameters in calendar.php; (4) the cid and (5) url parameters in index.php; (6) the cid parameter in annoucement.php; (7) the cid parameter in news.php; (8) the cid parameter in contents.php; (9) the q parameter in search.php; and (10) the country parameter in register.php. | ||||
| CVE-2002-1760 | 1 Phprojekt | 1 Phprojekt | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in PHProjekt 2.0 through 3.1 allow remote attackers to execute arbitrary SQL commands via the unknown attack vectors. | ||||
| CVE-2002-1763 | 1 Sun | 1 Sunos | 2026-04-16 | N/A |
| The dtscreen Sun Solaris 8 CDE screensaver crashes when the "Shift" and "Return" keys are pressed repeatedly and quickly, which allows local users to access the current session. | ||||
| CVE-2004-0802 | 9 Conectiva, Enlightenment, Imagemagick and 6 more | 16 Linux, Imlib, Imlib2 and 13 more | 2026-04-16 | N/A |
| Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817. | ||||
| CVE-2002-1769 | 1 Microsoft | 2 Site Server, Site Server Commerce | 2026-04-16 | N/A |
| Microsoft Site Server 3.0 prior to SP4 installs a default user, LDAP_Anonymous, with a default password of LdapPassword_1, which allows remote attackers the "Log on locally" privilege. | ||||
| CVE-2004-0810 | 1 Netopia | 1 Timbuktu Pro Mac | 2026-04-16 | N/A |
| Buffer overflow in Netopia Timbuktu 7.0.3 allows remote attackers to cause a denial of service (server process crash) via a certain data string that is sent to multiple simultaneous client connections to TCP port 407. | ||||
| CVE-2005-4261 | 1 Positive Software | 1 Cp\+ | 2026-04-16 | N/A |
| Unspecified vulnerability in Positive Software Corporation CP+ (cpplus) before 2.5.5 allows attackers to have unknown impact and attack vectors, related to "a possible security flaw caused by a bug in Perl." NOTE: unless CP+ includes its own copy of Perl with CVE-2005-3962, this is a different vulnerability than CVE-2005-3962; however, there is insufficient information to be sure. | ||||
| CVE-2002-1770 | 1 Qualcomm | 1 Eudora | 2026-04-16 | N/A |
| Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary code via an HTML e-mail message that uses a file:// URL in a t:video tag to reference an attached Windows Media Player file containing JavaScript code, which is launched and executed in the My Computer zone by Internet Explorer. | ||||
| CVE-2005-4269 | 1 Microsoft | 3 Ie, Windows 2003 Server, Windows Xp | 2026-04-16 | N/A |
| mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE. | ||||
| CVE-2002-1778 | 1 Symantec | 1 Norton Personal Firewall | 2026-04-16 | N/A |
| Symantec Norton Personal Firewall 2002 allows remote attackers to bypass the portscan protection by using a (1) SYN/FIN, (2) SYN/FIN/URG, (3) SYN/FIN/PUSH, or (4) SYN/FIN/URG/PUSH scan. | ||||
| CVE-2002-1786 | 1 Sgi | 1 Irix | 2026-04-16 | N/A |
| SGI IRIX 6.5 through 6.5.14 applies a umask of 022 to root core dumps, which allows local users to read the core dumps and possibly obtain sensitive information. | ||||
| CVE-2005-4270 | 1 Watchfire | 1 Appscan Qa | 2026-04-16 | N/A |
| Buffer overflow in Watchfire AppScan QA 5.0.609 and 5.0.134 allows remote web servers to execute arbitrary code via an HTTP 401 response with a WWW-Authenticate header containing a long Realm field. | ||||
| CVE-2006-1326 | 1 Invision Power Services | 1 Invision Power Board | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board 2.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) result_type, (2) search_in, (3) nav, (4) forums, and (5) s parameters in the Search action to index.php; (6) st parameter to index.php with showtopics set to 1; (7) m, (8) y, and (9) d parameters in a calendar action; (10) t parameter in a Print action; (11) MID parameter in a Mail action; (12) HID parameter in a Help action; (13) active parameter in a search action; (14) sort_order, (15) max_results, or (16) sort_key parameter in a Members action. | ||||
| CVE-2002-1789 | 1 Newsx | 1 Newsx | 2026-04-16 | N/A |
| Format string vulnerability in newsx NNTP client before 1.4.8 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a call to the syslog function. | ||||
| CVE-2002-1792 | 1 Fake Identd | 1 Fake Identd | 2026-04-16 | N/A |
| Buffer overflow in Fake Identd 0.9 through 1.4 allows remote attackers to execute arbitrary code as root via a long request that is split into multiple packets. | ||||
| CVE-2005-4282 | 1 Zaygo | 1 Domaincart | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Zaygo DomainCart 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML, possibly via the root parameter to zaygo.cgi. | ||||
| CVE-2006-1331 | 1 Phpoutsourcing | 1 Noahs Classifieds | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Noah's Classifieds 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) method or (2) list parameter. | ||||