Export limit exceeded: 29915 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29915 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-2535 | 1 Matthew Phillips | 1 Sticker | 2026-04-16 | N/A |
| The person-to-person secure messaging feature in Sticker before 3.1.0 beta 2 allows remote attackers to post messages to unauthorized private groups by using the group's public encryption key. | ||||
| CVE-2004-2544 | 1 Securecomputing | 1 Sidewinder G2 | 2026-04-16 | N/A |
| Admin Console in Secure Computing Corporation Sidewinder G2 6.1.0.01 exports private keys when exporting firewall certificates, which might allow attackers to obtain sensitive information. | ||||
| CVE-2004-2547 | 1 Netwin | 2 Surgemail, Webmail | 2026-04-16 | N/A |
| NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message. | ||||
| CVE-2006-2109 | 1 Jsboard | 1 Jsboard | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the parse_query_str function in include/print.php in JSBoard 2.0.10 and 2.0.11, and possibly other versions before 2.0.12, allows remote attackers to inject arbitrary web script or HTML via parameters that are set as global variables within the program, as demonstrated using the table parameter to login.php. | ||||
| CVE-2006-2110 | 1 Virtual Private Server | 1 Vserver | 2026-04-16 | N/A |
| Virtual Private Server (Vserver) 2.0.x before 2.0.2-rc18 and 2.1.x before 2.1.1-rc18 provides certain context capabilities (ccaps) that allow local guest users to perform operations that were only intended to be allowed by the guest-root. | ||||
| CVE-2006-2114 | 1 Sws | 1 Sws Simple Web Server | 2026-04-16 | N/A |
| Buffer overflow in SWS web Server 0.1.7 allows remote attackers to execute arbitrary code via a long request. | ||||
| CVE-2006-2115 | 1 Sws | 1 Sws Simple Web Server | 2026-04-16 | N/A |
| Format string vulnerability in SWS web Server 0.1.7 allows remote attackers to execute arbitrary code via unspecified vectors that are not properly handled in a syslog function call. | ||||
| CVE-2004-2572 | 1 Amax Information Technologies | 1 Magic Winmail Server | 2026-04-16 | N/A |
| AMAX Magic Winmail Server 3.6 allows remote attackers to obtain sensitive information by entering (1) invalid characters such as "()" or (2) a large number of characters in the Lookup field on the netaddressbook.php web form, which reveals the path in an ldaplib.php error message when the ldap_search function fails, due to improper processing of the $keyword variable. | ||||
| CVE-2006-4650 | 1 Cisco | 1 Ios | 2026-04-16 | N/A |
| Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the RFC2784 compliance fixes are missing, does not verify the offset field of a GRE packet during decapsulation, which leads to an integer overflow that references data from incorrect memory locations, which allows remote attackers to inject crafted packets into the routing queue, possibly bypassing intended router ACLs. | ||||
| CVE-2006-4653 | 2 Amazing Little Picture Poll, Amazing Little Poll | 2 Amazing Little Picture Poll, Amazing Little Poll | 2026-04-16 | N/A |
| (1) Amazing Little Poll and (2) Amazing Little Picture Poll store sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password via a direct request for the lp_settings file (lp_settings.inc or lp_settings.php). | ||||
| CVE-2004-2573 | 1 Phpgroupware | 1 Phpgroupware | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in tables_update.inc.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to execute arbitrary PHP code via an external URL in the appdir parameter. | ||||
| CVE-2004-2578 | 1 Phpgroupware | 1 Phpgroupware | 2026-04-16 | N/A |
| phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) setup passwords in plaintext via cookies, which allows remote attackers to sniff passwords. | ||||
| CVE-2004-2579 | 1 Novell | 1 Ichain | 2026-04-16 | N/A |
| ACLCHECK module in Novell iChain 2.3 allows attackers to bypass access control rules of an unspecified component via an unspecified attack vector involving a string that contains escape sequences represented with "overlong UTF-8 encoding." | ||||
| CVE-2006-2135 | 1 Ruperts News | 1 Ruperts News | 2026-04-16 | N/A |
| SQL injection vulnerability in login.php in Ruperts News allows remote attackers to execute arbitrary SQL commands via the username parameter. | ||||
| CVE-2006-4657 | 1 Panda | 1 Panda Platinum Internet Security | 2026-04-16 | N/A |
| Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying (1) WebProxy.exe or (2) PAVSRV51.EXE. | ||||
| CVE-2004-2580 | 1 Novell | 1 Ichain | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Novell iChain 2.3 allows remote attackers to obtain login credentials via unspecified vectors. | ||||
| CVE-2006-2137 | 1 Openphpnuke | 1 Openphpnuke | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in master.php in OpenPHPNuke and 2.3.3 earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. | ||||
| CVE-2004-2581 | 1 Novell | 1 Ichain | 2026-04-16 | N/A |
| Novell iChain 2.3 allows attackers to cause a denial of service via a URL with a "specific string." | ||||
| CVE-2006-2140 | 1 Orbitscripts | 1 Orbithyip | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in OrbitHYIP 2.0 and earlier allow remote attackers to inject arbitrary web script via the (1) referral parameter to signup.php or (2) id parameter to members.php. | ||||
| CVE-2004-2582 | 1 Novell | 1 Ichain | 2026-04-16 | N/A |
| Novell iChain 2.3 includes the build number in the VIA line of the proxy server's HTTP headers, which allows remote attackers to obtain sensitive information. | ||||