Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-2052 1 Cisco 1 Ios 2026-04-16 N/A
Cisco 2611 router running IOS 12.1(6.5), possibly an interim release, allows remote attackers to cause a denial of service via port scans such as (1) scanning all ports on a single host and (2) scanning a network of hosts for a single open port through the router. NOTE: the vendor could not reproduce this issue, saying that the original reporter was using an interim release of the software.
CVE-2004-2024 1 Zen Cart 1 Zen Cart 2026-04-16 N/A
The distribution of Zen Cart 1.1.4 before patch 2 includes certain debugging code in the Admin password retrieval functionality, which allows attackers to gain administrative privileges via password_forgotten.php.
CVE-2004-2036 1 Jportal 1 Jportal Web Portal 2026-04-16 N/A
SQL injection vulnerability in the art_print function in print.inc.php in unknown versions of jPortal before 2.3.1 allows remote attackers to inject arbitrary SQL commands via the id parameter.
CVE-2002-2055 1 Teekai 1 Teekai Tracking Online 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in userlog.php in TeeKai Tracking Online 1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2004-2041 1 E107 1 E107 2026-04-16 N/A
PHP remote file inclusion vulnerability in secure_img_render.php in e107 0.615 allows remote attackers to execute arbitrary PHP code by modifying the p parameter to reference a URL on a remote web server that contains the code.
CVE-2002-2057 1 Teekai 1 Teekai Forum 2026-04-16 N/A
TeeKai Forum 1.2 uses weak encryption of web usage statistics in data/member_log.txt, which is stored under the web document root with insufficient access control, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'.
CVE-2004-2052 1 Esesix 1 Thintune 2026-04-16 N/A
eSeSIX Thintune thin clients running firmware 2.4.38 and earlier accept any password that begins with the actual password, which makes it easier for users to conduct brute force password guessing.
CVE-2002-2060 1 Twibright Labs 1 Links 2026-04-16 N/A
Buffer overflow in Links 2.0 pre4 allows remote attackers to crash client browsers and possibly execute arbitrary code via gamma tables in large 16-bit PNG images.
CVE-2004-2056 1 Nucleus Group 1 Nucleus Cms 2026-04-16 N/A
SQL injection vulnerability in action.php in Nucleus CMS 3.01 allows remote attackers to execute arbitrary SQL statements via the itemid parameter.
CVE-2006-1495 2 Netoffice, Phpcollab 2 Netoffice, Phpcollab 2026-04-16 N/A
SQL injection vulnerability in general/sendpassword.php in (1) PHPCollab 2.4 and 2.5.rc3, and (2) NetOffice 2.5.3-pl1 and 2.6.0b2 allows remote attackers to execute arbitrary SQL commands via the loginForm parameter in the "forgotten password" option.
CVE-2002-2063 1 Atguard 1 Atguard Personal Firewall 2026-04-16 N/A
AtGuard 3.2 allows remote attackers to bypass firwall filters and execute prohibited programs by changing the filenames to permitted filenames.
CVE-2006-0546 1 Egeinternet 1 Egeinternet 2026-04-16 N/A
Unspecified vulnerability in index.php in a certain application available from /v1/tr/portfoy.php on www.egeinternet.com allows remote attackers to execute arbitrary code via "evilcode" in the key parameter, possibly a PHP remote file include vulnerability in which the attack vector is a URL in the key parameter. NOTE: it is not clear whether this vulnerability is associated with an online service or application service provider. If so, then it should not be included in CVE.
CVE-2006-1496 1 Vihor 1 Vihordesign 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in ViHor Design allow remote attackers to inject arbitrary web script or HTML via (1) a remote URL in the page parameter, which is processed by an fopen call, or (2) HTML or script in the page parameter, which is returned to the client in an error message for the failed fopen call.
CVE-2002-2064 1 Phpwebgallery 1 Phpwebgallery 2026-04-16 N/A
isadmin.php in PhpWebGallery 1.0 allows remote attackers to gain administrative access via by setting the photo_login cookie to pseudo.
CVE-2006-1507 1 Phpkit 1 Phpkit 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the error parameter to include.php, possibly due to a problem in login/login.php.
CVE-2004-2081 1 Karjasoft 1 Sami Ftp Server 2026-04-16 N/A
The samiftp.dll library in Sami FTP Server 1.1.3 allows local users to cause a denial of service (pmsystem.exe crash) by issuing (1) a CD command with a tilde (~) character or dot dot (/../) or (2) a GET command for an unavailable file.
CVE-2002-2078 1 Floosietek 2 Ftgateoffice, Ftgatepro 2026-04-16 N/A
Heap-based buffer overflow in Floositek (1) FTGate Pro 1.05 and (2) FTGate Office 1.05 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long POP3 APOP USER command.
CVE-2006-0547 1 Oracle 1 Database Server 2026-04-16 N/A
Oracle Database 8i, 9i, and 10g allow remote authenticated users to execute arbitrary SQL statements in the context of the SYS user and bypass audit logging, including statements to create new privileged database accounts, via a modified AUTH_ALTER_SESSION attribute in the authentication phase of the Transparent Network Substrate (TNS) protocol. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DB18 from the January 2006 CPU, in which case this would be subsumed by CVE-2006-0265.
CVE-2002-2080 1 Floosietek 1 Ftgatepro 2026-04-16 N/A
Floositek FTGate PRO 1.05 allows remote attackers to cause a denial of service (memory and CPU consumption) via a large number of RCPT TO: messages during an SMTP session.
CVE-2004-2092 1 Broadcom 1 Inoculateit 2026-04-16 N/A
eTrust InoculateIT for Linux 6.0 uses insecure permissions for multiple files and directories, including the application's registry and tmp directories, which allows local users to delete, modify, or examine sensitive information.