Filtered by NVD-CWE-Other
Total 29109 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2009-2165 1 Serendipitynz 1 Serene Bach 2024-09-17 N/A
SerendipityNZ (aka SimpleBoxes) Serene Bach 2.20R and earlier, and 3.00 beta023 and earlier 3.x versions, uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id.
CVE-2003-0732 1 Cisco 4 Ciscoworks Cd1, Ciscoworks Common Management Foundation, Resource Manager and 1 more 2024-09-17 N/A
CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to obtain restricted information and possibly gain administrative privileges by changing the "guest" user to the Admin user on the Modify or delete users pages.
CVE-2006-7009 1 Joomla 1 Joomla 2024-09-17 N/A
Joomla! before 1.0.10 allows remote attackers to spoof the frontend submission forms, which has unknown impact and attack vectors.
CVE-2005-1781 1 Mailenable 2 Mailenable Enterprise, Mailenable Professional 2024-09-17 N/A
Unknown vulnerability in SMTP authentication for MailEnable allows remote attackers to cause a denial of service (crash).
CVE-2013-2742 2 Ithemes, Wordpress 2 Backupbuddy, Wordpress 2024-09-17 N/A
importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not reliably delete itself after completing a restore operation, which makes it easier for remote attackers to obtain access via subsequent requests to this script.
CVE-2006-6017 1 Wordpress 1 Wordpress 2024-09-17 N/A
WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display.
CVE-2005-3667 1 Internet Key Exchange 1 Internet Key Exchange 2024-09-17 N/A
Multiple unspecified vulnerabilities in multiple unspecified implementations of Internet Key Exchange version 1 (IKEv1) have multiple unspecified attack vectors and impacts related to denial of service, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of information in the original sources, it is likely that this candidate will be REJECTed once it is known which implementations are actually vulnerable. In addition, since "denial of service" is an impact and not a vulnerability, it is unknown which underlying vulnerabilities are actually covered by this particular candidate.
CVE-2014-8305 1 C97 1 Cart Engine 2024-09-17 N/A
Open redirect vulnerability in the redir function in includes/function.php in C97net Cart Engine before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header to (1) index.php, (2) cart.php, (3) msg.php, or (4) page.php.
CVE-2002-2033 1 Faqmanager 1 Faqmanager.cgi 2024-09-17 N/A
faqmanager.cgi in FAQManager 2.2.5 and earlier allows remote attackers to read arbitrary files by specifying the filename in the toc parameter with a trailing null character (%00).
CVE-2006-1792 1 Mailenable 3 Mailenable Enterprise, Mailenable Professional, Mailenable Standard 2024-09-17 N/A
Unspecified vulnerability in the POP service in MailEnable Standard Edition before 1.94, Professional Edition before 1.74, and Enterprise Edition before 1.22 has unknown attack vectors and impact related to "authentication exploits". NOTE: this is a different set of affected versions, and probably a different vulnerability than CVE-2006-1337.
CVE-2007-3992 1 Iexpress 1 Property Pro 2024-09-17 N/A
SQL injection vulnerability in vir_login.asp in iExpress Property Pro allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the Username parameter is covered by CVE-2006-6029. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2002-1815 1 Aquonics Scripting 1 Aquonics File Manager 2024-09-17 N/A
Directory traversal vulnerability in source.php and source.cgi in Aquonics File Manager 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
CVE-2006-7000 1 Headstart Solutions 1 Deskpro 2024-09-17 N/A
Headstart Solutions DeskPRO allows remote attackers to obtain the full path via direct requests to (1) email/mail.php, (2) includes/init.php, (3) certain files in includes/cron/, and (4) jpgraph.php, (5) jpgraph_bar.php, (6) jpgraph_pie.php, and (7) jpgraph_pie3d.php in includes/graph/, which leaks the path in error messages.
CVE-2002-2204 1 Redhat 1 Redhat Package Manager 2024-09-17 N/A
The default --checksig setting in RPM Package Manager 4.0.4 checks that a package's signature is valid without listing who signed it, which can allow remote attackers to make it appear that a malicious package comes from a trusted source.
CVE-2009-4041 1 Usebb 1 Usebb 2024-09-17 N/A
UseBB 1.0.9 before 1.0.10 allows remote attackers to cause a denial of service (infinite loop) via crafted BBCode tags.
CVE-2005-3698 1 Php Easy Download 1 Php Easy Download 2024-09-17 N/A
PHP Easy Download allows remote attackers to bypass authentication via edit.php.
CVE-2005-1015 1 Mailenable 1 Imapd 2024-09-17 N/A
Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote attackers to execute arbitrary code via a long LOGIN command.
CVE-2005-2655 1 Maildrop 1 Maildrop 2024-09-17 N/A
lockmail in maildrop before 1.5.3 does not drop privileges before executing commands, which allows local users to gain privileges via command line arguments.
CVE-2013-7387 1 Dleviet 1 Datalife Engine 2024-09-17 N/A
Session fixation vulnerability in DataLife Engine (DLE) 9.7 and earlier allows remote attackers to hijack web sessions via the PHPSESSID cookie.
CVE-2002-2034 1 John Hardin 1 Procmail Email Sanitizer 2024-09-17 N/A
The Email Sanitizer before 1.133 for Procmail allows remote attackers to bypass the mail filter and execute arbitrary code via crafted recursive multipart MIME attachments.