Total
29947 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0348 | 1 Stefan Ritt | 1 Elog Web Logbook | 2026-04-16 | N/A |
| Format string vulnerability in the write_logfile function in ELOG before 2.6.1 allows remote attackers to cause a denial of service (server crash) via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-0356 | 1 Ari Pikivirta | 1 Home Ftp Server | 2026-04-16 | N/A |
| Ari Pikivirta Home Ftp Server 1.0.7 allows remote attackers to cause an unspecified denial of service via a long USER command combined with a long PASS command. | ||||
| CVE-2006-1778 | 1 Simplog | 1 Simplog | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) blogid parameter in (a) index.php and (b) archive.php, the (2) m and (3) y parameters in archive.php, and the (4) sql parameter in (c) server.php. | ||||
| CVE-2001-1100 | 1 Spencer Miles | 1 W3mail | 2026-04-16 | N/A |
| sendmessage.cgi in W3Mail 1.0.2, and possibly other CGI programs, allows remote attackers to execute arbitrary commands via shell metacharacters in any field of the 'Compose Message' page. | ||||
| CVE-2006-1779 | 1 Simplog | 1 Simplog | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the btag parameter. | ||||
| CVE-2006-0360 | 1 Mpm | 1 Hp-180w Voip Wifi Phone | 2026-04-16 | N/A |
| MPM SIP HP-180W Wireless IP Phone WE.00.17 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication. | ||||
| CVE-2006-1780 | 1 Sun | 2 Solaris, Sunos | 2026-04-16 | N/A |
| The Bourne shell (sh) in Solaris 8, 9, and 10 allows local users to cause a denial of service (sh crash) via an unspecified attack vector that causes sh processes to crash during creation of temporary files. | ||||
| CVE-2001-1110 | 1 Khamil Landross And Zack Jones | 1 Eftp | 2026-04-16 | N/A |
| EFTP 2.0.7.337 allows remote attackers to obtain NETBIOS credentials by requesting information on a file that is in a network share, which causes the server to send the credentials to the host that owns the share, and allows the attacker to sniff the connection. | ||||
| CVE-2006-0361 | 1 Bit 5 Blog | 1 Bit 5 Blog | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in addcomment.php in Bit 5 Blog 8.01 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in an <a> tag in the comment parameter, which strips most tags but not <a>. | ||||
| CVE-2006-2250 | 1 Cutephp | 1 Cutenews | 2026-04-16 | N/A |
| CuteNews 1.4.1 allows remote attackers to obtain sensitive information via a direct request to (1) /inc/show.inc.php or (2) /inc/functions.inc.php, which reveal the path in an error message. | ||||
| CVE-2001-1115 | 1 Sixhead | 1 Six-webboard | 2026-04-16 | N/A |
| generate.cgi in SIX-webboard 2.01 and before allows remote attackers to read arbitrary files via a dot dot (..) in the content parameter. | ||||
| CVE-2004-2309 | 1 Crob | 1 Crob Ftp Server | 2026-04-16 | N/A |
| Directory traversal vulnerability in Crob FTP Server 3.5.1 allows local users to browse outside the FTP root via multiple ../ (dot dot slash) in the DIR command. | ||||
| CVE-2006-2252 | 1 Openfaq | 1 Openfaq | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in submit.php in OpenFAQ 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | ||||
| CVE-2006-2253 | 1 Otterware | 1 Statit | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in visible_count_inc.php in Statit 4 (060207) allows remote attackers to execute arbitrary PHP code via a URL in the statitpath parameter. | ||||
| CVE-2006-0363 | 1 Microsoft | 1 Msn Messenger | 2026-04-16 | N/A |
| The "Remember my Password" feature in MSN Messenger 7.5 stores passwords in an encrypted format under the HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Creds registry key, which might allow local users to obtain the original passwords via a program that calls CryptUnprotectData, as demonstrated by the "MSN Password Recovery.exe" program. NOTE: it could be argued that local-only password recovery is inherently insecure because the decryption methods and keys must be stored somewhere on the local system, and are thus inherently accessible with varying degrees of effort. Perhaps this issue should not be included in CVE. | ||||
| CVE-2004-2314 | 1 Novell | 1 Ichain | 2026-04-16 | N/A |
| The Telnet listener for Novell iChain Server before 2.2 Field Patch 3b 2.2.116 does not have a password by default, which allows remote attackers to gain access. | ||||
| CVE-2006-1785 | 1 Adobe | 1 Document Server | 2026-04-16 | N/A |
| Adobe Document Server for Reader Extensions 6.0 allows remote authenticated users to inject arbitrary web script via a leading (1) ftp or (2) http URI in the ReaderURL variable in the "Update Download Site" section of ads-readerext. NOTE: it is not clear whether the vendor advisory addresses this issue. In addition, since the issue requires administrative privileges to exploit, it is not clear whether this crosses security boundaries. | ||||
| CVE-2006-1787 | 1 Adobe | 1 Document Server | 2026-04-16 | N/A |
| Adobe Document Server for Reader Extensions 6.0 includes a user's session (jsession) ID in the HTTP Referer header, which allows remote attackers to gain access to PDF files that are being processed within that session. | ||||
| CVE-2006-0370 | 1 Noah Medling | 1 Rcblog | 2026-04-16 | N/A |
| Noah Medling RCBlog 1.03 stores the data and config directories under the web root with insufficient access control, which allows remote attackers to view account names and MD5 password hashes. | ||||
| CVE-2006-1789 | 1 Georges Auberger | 1 Pajax | 2026-04-16 | N/A |
| Directory traversal vulnerability in pajax_call_dispatcher.php in PAJAX 0.5.1 and earlier allows remote attackers to read arbitrary files via the $className variable. | ||||