Total
29100 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-7009 | 1 Joomla | 1 Joomla | 2024-09-17 | N/A |
| Joomla! before 1.0.10 allows remote attackers to spoof the frontend submission forms, which has unknown impact and attack vectors. | ||||
| CVE-2005-1781 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2024-09-17 | N/A |
| Unknown vulnerability in SMTP authentication for MailEnable allows remote attackers to cause a denial of service (crash). | ||||
| CVE-2013-2742 | 2 Ithemes, Wordpress | 2 Backupbuddy, Wordpress | 2024-09-17 | N/A |
| importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not reliably delete itself after completing a restore operation, which makes it easier for remote attackers to obtain access via subsequent requests to this script. | ||||
| CVE-2006-6017 | 1 Wordpress | 1 Wordpress | 2024-09-17 | N/A |
| WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display. | ||||
| CVE-2005-3667 | 1 Internet Key Exchange | 1 Internet Key Exchange | 2024-09-17 | N/A |
| Multiple unspecified vulnerabilities in multiple unspecified implementations of Internet Key Exchange version 1 (IKEv1) have multiple unspecified attack vectors and impacts related to denial of service, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of information in the original sources, it is likely that this candidate will be REJECTed once it is known which implementations are actually vulnerable. In addition, since "denial of service" is an impact and not a vulnerability, it is unknown which underlying vulnerabilities are actually covered by this particular candidate. | ||||
| CVE-2014-8305 | 1 C97 | 1 Cart Engine | 2024-09-17 | N/A |
| Open redirect vulnerability in the redir function in includes/function.php in C97net Cart Engine before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header to (1) index.php, (2) cart.php, (3) msg.php, or (4) page.php. | ||||
| CVE-2002-2033 | 1 Faqmanager | 1 Faqmanager.cgi | 2024-09-17 | N/A |
| faqmanager.cgi in FAQManager 2.2.5 and earlier allows remote attackers to read arbitrary files by specifying the filename in the toc parameter with a trailing null character (%00). | ||||
| CVE-2006-1792 | 1 Mailenable | 3 Mailenable Enterprise, Mailenable Professional, Mailenable Standard | 2024-09-17 | N/A |
| Unspecified vulnerability in the POP service in MailEnable Standard Edition before 1.94, Professional Edition before 1.74, and Enterprise Edition before 1.22 has unknown attack vectors and impact related to "authentication exploits". NOTE: this is a different set of affected versions, and probably a different vulnerability than CVE-2006-1337. | ||||
| CVE-2007-3992 | 1 Iexpress | 1 Property Pro | 2024-09-17 | N/A |
| SQL injection vulnerability in vir_login.asp in iExpress Property Pro allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the Username parameter is covered by CVE-2006-6029. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2002-1815 | 1 Aquonics Scripting | 1 Aquonics File Manager | 2024-09-17 | N/A |
| Directory traversal vulnerability in source.php and source.cgi in Aquonics File Manager 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. | ||||
| CVE-2006-7000 | 1 Headstart Solutions | 1 Deskpro | 2024-09-17 | N/A |
| Headstart Solutions DeskPRO allows remote attackers to obtain the full path via direct requests to (1) email/mail.php, (2) includes/init.php, (3) certain files in includes/cron/, and (4) jpgraph.php, (5) jpgraph_bar.php, (6) jpgraph_pie.php, and (7) jpgraph_pie3d.php in includes/graph/, which leaks the path in error messages. | ||||
| CVE-2002-2204 | 1 Redhat | 1 Redhat Package Manager | 2024-09-17 | N/A |
| The default --checksig setting in RPM Package Manager 4.0.4 checks that a package's signature is valid without listing who signed it, which can allow remote attackers to make it appear that a malicious package comes from a trusted source. | ||||
| CVE-2009-4041 | 1 Usebb | 1 Usebb | 2024-09-17 | N/A |
| UseBB 1.0.9 before 1.0.10 allows remote attackers to cause a denial of service (infinite loop) via crafted BBCode tags. | ||||
| CVE-2005-3698 | 1 Php Easy Download | 1 Php Easy Download | 2024-09-17 | N/A |
| PHP Easy Download allows remote attackers to bypass authentication via edit.php. | ||||
| CVE-2005-1015 | 1 Mailenable | 1 Imapd | 2024-09-17 | N/A |
| Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote attackers to execute arbitrary code via a long LOGIN command. | ||||
| CVE-2005-2655 | 1 Maildrop | 1 Maildrop | 2024-09-17 | N/A |
| lockmail in maildrop before 1.5.3 does not drop privileges before executing commands, which allows local users to gain privileges via command line arguments. | ||||
| CVE-2013-7387 | 1 Dleviet | 1 Datalife Engine | 2024-09-17 | N/A |
| Session fixation vulnerability in DataLife Engine (DLE) 9.7 and earlier allows remote attackers to hijack web sessions via the PHPSESSID cookie. | ||||
| CVE-2002-2034 | 1 John Hardin | 1 Procmail Email Sanitizer | 2024-09-17 | N/A |
| The Email Sanitizer before 1.133 for Procmail allows remote attackers to bypass the mail filter and execute arbitrary code via crafted recursive multipart MIME attachments. | ||||
| CVE-2009-4642 | 1 Gnome | 1 Screensaver | 2024-09-17 | N/A |
| gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface to determine session idle time, even when an Xfce desktop such as Xubuntu or Mythbuntu is used, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended. | ||||
| CVE-2007-3924 | 2 Microsoft, Netscape | 2 Internet Explorer, Navigator | 2024-09-17 | N/A |
| Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape; this issue could arise with other protocol handlers in IE. | ||||