Total
29911 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1953 | 1 Caucho Technology | 1 Resin | 2026-04-16 | N/A |
| Directory traversal vulnerability in Caucho Resin 3.0.17 and 3.0.18 for Windows allows remote attackers to read arbitrary files via a "C:%5C" (encoded drive letter) in a URL. | ||||
| CVE-2004-0259 | 1 Joe Lumbroso Acks | 1 Formmail.php | 2026-04-16 | N/A |
| The check_referer() function in Formmail.php 5.0 and earlier allows remote attackers to bypass access restrictions via an empty or spoofed HTTP Referer, as demonstrated using an application on the same web server that contains a cross-site scripting (XSS) issue. | ||||
| CVE-2004-0261 | 1 Openjournal | 1 Openjournal | 2026-04-16 | N/A |
| oj.cgi in OpenJournal 2.0 through 2.0.5 allows remote attackers to bypass authentication and access the control panel via a 0 in the uid parameter. | ||||
| CVE-2004-0262 | 1 The Palace | 1 The Palace Client | 2026-04-16 | N/A |
| Stack-based buffer overflow in The Palace 3.5 and earlier client allows remote attackers to execute arbitrary code via a link to a palace:// url followed by a long server address string. | ||||
| CVE-2004-0266 | 1 Francisco Burzi | 1 Php-nuke | 2026-04-16 | N/A |
| SQL injection vulnerability in the "public message" capability (public_message) for Php-Nuke 6.x to 7.1.0 allows remote attackers to obtain the administrator password via the c_mid parameter. | ||||
| CVE-2004-0270 | 1 Clam Anti-virus | 1 Clamav | 2026-04-16 | N/A |
| libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a denial of service (crash) via a uuencoded e-mail message with an invalid line length (e.g., a lowercase character), which causes an assert error in clamd that terminates the calling program. | ||||
| CVE-2006-1973 | 1 Linksys | 1 Rt31p2 | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in Linksys RT31P2 VoIP router allow remote attackers to cause a denial of service via malformed Session Initiation Protocol (SIP) messages. | ||||
| CVE-2004-0274 | 1 Eggheads | 1 Eggdrop Irc Bot | 2026-04-16 | N/A |
| Share.mod in Eggheads Eggdrop IRC bot 1.6.10 through 1.6.15 can mistakenly assign STAT_OFFERED status to a bot that is not a sharebot, which allows remote attackers to use STAT_OFFERED to promote a bot to a sharebot and conduct unauthorized activities. | ||||
| CVE-2006-1977 | 1 Flexbb | 1 Flexbb | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in FlexBB 0.5.7 BETA and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) message parameters. | ||||
| CVE-2005-3868 | 1 Turn-k | 1 K-search | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in K-Search 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) term, (2) id, (3) stat, and (4) source parameters to index.php, and (5) through the image parameters with an add request. | ||||
| CVE-2004-0280 | 1 Caucho Technology | 1 Resin | 2026-04-16 | N/A |
| Caucho Technology Resin 2.1.12 allows remote attackers to view JSP source via an HTTP request to a .jsp file that ends in a "%20" (encoded space character), e.g. index.jsp%20. | ||||
| CVE-2006-1980 | 1 W2b | 1 Online Banking | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) SID parameter, or (3) ilang parameter. | ||||
| CVE-2004-0084 | 3 Openbsd, Redhat, Xfree86 Project | 4 Openbsd, Enterprise Linux, Linux and 1 more | 2026-04-16 | N/A |
| Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106. | ||||
| CVE-2006-1994 | 1 Dforum | 1 Dforum | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in dForum 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DFORUM_PATH parameter to (1) about.php, (2) admin.php, (3) anmelden.php, (4) losethread.php, (5) config.php, (6) delpost.php, (7) delthread.php, (8) dfcode.php, (9) download.php, (10) editanoc.php, (11) forum.php, (12) login.php, (13) makethread.php, (14) menu.php, (15) newthread.php, (16) openthread.php, (17) overview.php, (18) post.php, (19) suchen.php, (20) user.php, (21) userconfig.php, (22) userinfo.php, and (23) verwalten.php. | ||||
| CVE-2006-1651 | 1 Microsoft | 1 Isa Server | 2026-04-16 | N/A |
| Microsoft ISA Server 2004 allows remote attackers to bypass certain filtering rules, including ones for (1) ICMP and (2) TCP, via IPv6 packets. NOTE: An established researcher has disputed this issue, saying that "Neither ISA Server 2004 nor Windows 2003 Basic Firewall support IPv6 filtering ... This is different network protocol. | ||||
| CVE-2006-2011 | 1 4homepages | 1 4images | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in member.php in 4images 1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the nickname, probably involving the user_name parameter in register.php. | ||||
| CVE-2004-0303 | 1 Fools Workshop | 1 Owls Workshop | 2026-04-16 | N/A |
| OWLS 1.0 allows remote attackers to retrieve arbitrary files via absolute pathnames in (1) the file parameter in /glossaries/index.php, (2) the filename parameter in /readings/index.php, or (3) the filename parameter in /multiplechoice/resultsignore.php, as demonstrated using /etc/passwd. | ||||
| CVE-2006-3461 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2026-04-16 | N/A |
| Heap-based buffer overflow in the PixarLog decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors. | ||||
| CVE-2004-0304 | 1 Webcortex | 1 Webstores 2000 | 2026-04-16 | N/A |
| SQL injection vulnerability in browse_items.asp in WebCortex WebStores 2000 6.0 allows remote attackers to gain unauthorized access and execute arbitrary commands via the Search_Text parameter. | ||||
| CVE-2006-4978 | 1 Walter Beschmout | 1 Phpquiz | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the univers parameter in score.php and (2) the quiz_id parameter in home.php, accessed through the front/ URI. | ||||