Max CVSS: 10.0 | Min CVSS: 1.9 | Total Count: 443
ID | CVSS | Summary | Last (major) update | Published
CVE-2018-6493 6.5
SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injec
22-05-2018 - 15:29 22-05-2018 - 15:29
CVE-2018-6492 4.3
Persistent Cross-Site Scripting, and non-persistent HTML Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability
22-05-2018 - 15:29 22-05-2018 - 15:29
CVE-2018-6494 5.5
Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of data.
22-05-2018 - 14:29 22-05-2018 - 14:29
CVE-2018-4923 6.4
Adobe Connect versions 9.7 and earlier have an exploitable OS Command Injection. Successful exploitation could lead to arbitrary file deletion.
19-05-2018 - 13:29 19-05-2018 - 13:29
CVE-2018-4921 4.3
Adobe Connect versions 9.7 and earlier have an exploitable unrestricted SWF file upload vulnerability. Successful exploitation could lead to information disclosure.
19-05-2018 - 13:29 19-05-2018 - 13:29
CVE-2018-0258 10.0
A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device (aka Path Traversal) and execute those files. This vulnerability
02-05-2018 - 18:29 02-05-2018 - 18:29
CVE-2018-9843 7.5
The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute arbitrary code via a serialized .NET object in an Authorization HTTP header.
16-04-2018 - 05:58 12-04-2018 - 11:29
CVE-2018-8721 4.3
Zoho ManageEngine EventLog Analyzer version 11.0 build 11000 has Stored XSS related to the index2.do?url=editAlertForm&tab=alert&alert=profile URI and the Edit Alert Profile screen
15-03-2018 - 00:29 15-03-2018 - 00:29
CVE-2018-8045 6.5
In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view.
14-03-2018 - 21:29 14-03-2018 - 21:29
CVE-2018-6551 7.5
The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap re
02-02-2018 - 09:29 02-02-2018 - 09:29
CVE-2018-6485 7.5
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to
01-02-2018 - 09:29 01-02-2018 - 09:29
CVE-2017-1000409 6.9
A buffer overflow in glibc 2.5 (released on September 29, 2006) can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.
31-01-2018 - 23:29 31-01-2018 - 23:29
CVE-2017-1000408 7.2
A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.
31-01-2018 - 23:29 31-01-2018 - 23:29
CVE-2018-1000001 7.2
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
31-01-2018 - 09:29 31-01-2018 - 09:29
CVE-2017-16997 9.3
elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the cu
17-12-2017 - 20:29 17-12-2017 - 20:29
CVE-2017-16562 7.5
The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the up_auto_log parameter in the QUERY_STRING to
09-11-2017 - 21:29 09-11-2017 - 21:29
CVE-2017-15804 7.5
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.
22-10-2017 - 16:29 22-10-2017 - 16:29
CVE-2017-15671 4.3
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (mem
20-10-2017 - 13:29 20-10-2017 - 13:29
CVE-2017-15670 7.5
The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.
20-10-2017 - 13:29 20-10-2017 - 13:29
CVE-2017-8994 7.5
An input validation vulnerability in HPE Operations Orchestration product all versions prior to 10.80, allows for the execution of code remotely.
10-10-2017 - 17:29 10-10-2017 - 17:29
CVE-2015-6576 6.5
Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code via an unspecified resource.
02-10-2017 - 21:29 02-10-2017 - 21:29
CVE-2017-14062 7.5
Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
31-08-2017 - 12:29 31-08-2017 - 12:29
CVE-2017-12132 4.3
The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.
01-08-2017 - 12:29 01-08-2017 - 12:29
CVE-2015-5180 5.0
res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).
27-06-2017 - 16:29 27-06-2017 - 16:29
CVE-2017-1092 10.0
IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390.
22-05-2017 - 16:29 22-05-2017 - 16:29
CVE-2017-8804 7.8
The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an ove
10-05-2017 - 21:29 07-05-2017 - 14:29
CVE-2017-3066 7.5
Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a Java deserialization vulnerability in the Apache BlazeDS library. Successful exploitation could lead to arbitrary code executi
09-05-2017 - 20:39 27-04-2017 - 10:59
CVE-2016-9081 7.5
Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, password, and user group assignments and possibly perform other user account modifications via unspecified vectors.
26-01-2017 - 10:07 23-01-2017 - 16:59
CVE-2014-0160 5.0
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer ov
06-01-2017 - 21:59 07-04-2014 - 18:55
CVE-2014-8630 6.5
Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a tw
02-01-2017 - 21:59 01-02-2015 - 10:59
CVE-2015-2051 10.0
The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.
30-12-2016 - 21:59 23-02-2015 - 12:59
CVE-2015-1830 5.0
Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors.
21-12-2016 - 21:59 19-08-2015 - 11:59
CVE-2005-3390 7.5
The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST reque
07-12-2016 - 22:00 01-11-2005 - 07:47
CVE-2015-8562 7.5
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.
07-12-2016 - 13:28 16-12-2015 - 16:59
CVE-2015-8358 9.0
Directory traversal vulnerability in the bitrix.mpbuilder module before 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the element name of the "work" array parameter to admin/bitrix.m
07-12-2016 - 13:27 16-12-2015 - 16:59
CVE-2015-7858 7.5
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297.
07-12-2016 - 13:25 29-10-2015 - 16:59
CVE-2015-7857 7.5
SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.p
07-12-2016 - 13:25 29-10-2015 - 16:59
CVE-2015-7297 7.5
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858.
07-12-2016 - 13:23 29-10-2015 - 16:59
CVE-2013-4316 10.0
Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.
07-12-2016 - 12:34 30-09-2013 - 17:55
CVE-2016-4004 4.0
Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file parameter to ViewFile.
02-12-2016 - 22:27 12-04-2016 - 13:59
CVE-2015-2859 5.8
Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x through 5.1.2 does not validate server names and Certification Authority names in X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obt
02-12-2016 - 22:07 23-06-2015 - 17:59
CVE-2015-2053 4.3
The log viewer in McAfee Agent (MA) before 4.8.0 Patch 3 and 5.0.0, when the "Accept connections only from the ePO server" option is disabled, allows remote attackers to conduct clickjacking attacks via a crafted web page, aka an "http-generic-click-
29-11-2016 - 22:00 23-02-2015 - 12:59
CVE-2013-2186 7.5
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name i
28-11-2016 - 14:09 28-10-2013 - 17:55
CVE-2006-6367 7.5
Multiple SQL injection vulnerabilities in detail.asp in DUware DUdownload 1.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) iFile or (2) action parameter. NOTE: the iType parameter is already covered by
18-11-2016 - 12:24 07-12-2006 - 06:28
CVE-2016-8869 7.5
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site.
07-11-2016 - 14:15 04-11-2016 - 17:59
CVE-2016-8870 6.8
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Al
07-11-2016 - 14:15 04-11-2016 - 17:59
CVE-2005-4428 4.3
Cross-site scripting (XSS) vulnerability in index.php in Cerberus Helpdesk allows remote attackers to inject arbitrary web script or HTML via the kb_ask parameter.
17-10-2016 - 23:38 20-12-2005 - 18:03
CVE-2005-4427 7.5
Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to attachment_send.php, (2) the $addy variable in email_parser.php, (3) $address variable in email_pars
17-10-2016 - 23:38 20-12-2005 - 18:03
CVE-2005-2954 7.5
SQL injection vulnerability in password_reminder.php in ATutor before 1.5.1 pl1 allows remote attackers to execute arbitrary SQL commands via the email field.
17-10-2016 - 23:31 16-09-2005 - 18:03
CVE-2005-2848 5.0
Directory traversal vulnerability in img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter.
17-10-2016 - 23:30 08-09-2005 - 06:03
CVE-2005-2847 7.5
img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter.
17-10-2016 - 23:30 08-09-2005 - 06:03
CVE-2005-2782 7.5
PHP remote file inclusion vulnerability in al_initialize.php for AutoLinks Pro 2.1 allows remote attackers to execute arbitrary PHP code via an "ftp://" URL in the alpath parameter, which bypasses the incomplete blacklist that only checks for "http"
17-10-2016 - 23:30 02-09-2005 - 19:03
CVE-2005-1948 7.5
Multiple SQL injection vulnerabilities in Invision Gallery before 1.3.1 allow remote attackers to execute arbitrary SQL commands via (1) the comment parameter in an editcomment action or (2) the rating parameter when voting on a photo.
17-10-2016 - 23:23 09-06-2005 - 00:00
CVE-2005-1946 7.5
Multiple SQL injection vulnerabilities in Invision Blog before 1.1.2 Final allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to an editentry, replyentry, or editcomment action, or (2) the mid parameter to an aboutme a
17-10-2016 - 23:23 09-06-2005 - 00:00
CVE-2005-1945 4.3
Cross-site scripting (XSS) vulnerability in the convert_highlite_words function in Invision Blog before 1.1.2 Final allows remote attackers to inject arbitrary web script or HTML via double hex encoded highlight data.
17-10-2016 - 23:23 09-06-2005 - 00:00
CVE-2005-1871 7.5
Unknown vulnerability in the privilege system in Drupal 4.4.0 through 4.6.0, when public registration is enabled, allows remote attackers to gain privileges, due to an "input check" that "is not implemented properly."
17-10-2016 - 23:23 09-06-2005 - 00:00
CVE-2005-1483 4.3
Multiple cross-site scripting (XSS) vulnerabilities in ArticleLive 2005 allow remote attackers to inject arbitrary web script or HTML via the (1) Query, (2) Username, (3) LastName, (4) Biography, or (5) BlogId parameter.
17-10-2016 - 23:19 11-05-2005 - 00:00
CVE-2005-1482 7.5
ArticleLive 2005 allows remote attackers to gain privileges by modifying the (1) auth and (2) userId fields in a cookie.
17-10-2016 - 23:19 11-05-2005 - 00:00
CVE-2005-1377 7.5
Multiple PHP remote file inclusion vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary PHP code via unknown vectors.
17-10-2016 - 23:19 03-05-2005 - 00:00
CVE-2005-1376 7.5
Multiple directory traversal vulnerabilities in (1) document.php or (2) insertMyDoc.php in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote project administrators to upload arbitrary files.
17-10-2016 - 23:19 03-05-2005 - 00:00
CVE-2005-1375 7.5
Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary SQL commands via (1) learningPath.php, (2) learningPathAdmin.php, (3) learnPath_details.php, (
17-10-2016 - 23:19 03-05-2005 - 00:00
CVE-2005-1374 6.8
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to inject arbitrary web script or HTML via (1) exercise_result.php, (2) exercice_submit.php, (3) agend
17-10-2016 - 23:19 03-05-2005 - 00:00
CVE-2005-1222 7.5
cat_for_gen.php in Annuaire Netref 4.2 allows remote attackers to execute arbitrary PHP code by setting the ad_direct parameter to reference cat_for_gen.php, then including the code in the m_for_racine parameter, which is then written to cat_for_gen.
17-10-2016 - 23:18 02-05-2005 - 00:00
CVE-2005-1203 7.5
Multiple SQL injection vulnerabilities in index.php in eGroupware before 1.0.0.007 allow remote attackers to execute arbitrary SQL commands via the (1) filter or (2) cats_app parameter.
17-10-2016 - 23:18 02-05-2005 - 00:00
CVE-2005-1202 6.8
Multiple cross-site scripting (XSS) vulnerabilities in eGroupware before 1.0.0.007 allow remote attackers to inject arbitrary web script or HTML via the (1) ab_id, (2) page, (3) type, or (4) lang parameter to index.php or (5) category_id parameter.
17-10-2016 - 23:18 02-05-2005 - 00:00
CVE-2005-0694 5.0
Hosting Controller 6.1 Hotfix 1.7 and earlier stores log files under the web root, which allows remote attackers to obtain sensitive information via a direct request to HCDiskQuotaService.csv.
17-10-2016 - 23:13 07-03-2005 - 00:00
CVE-2004-2124 5.0
The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS variable and conduct a PHP remote file inclusion attack via the GALLERY_BASEDIR parameter, a different vulnerability than C
17-10-2016 - 23:06 31-12-2004 - 00:00
CVE-2004-1865 1.9
Cross-site scripting (XSS) vulnerability in the administration panel in bBlog 0.7.2 allows remote authenticated users with superuser privileges to inject arbitrary web script or HTML via a blog name ($blogname). NOTE: if administrators are normally
17-10-2016 - 23:01 26-03-2004 - 00:00
CVE-2004-1770 10.0
The login page for cPanel 9.1.0, and possibly other versions, allows remote attackers to execute arbitrary code via shell metacharacters in the user parameter.
17-10-2016 - 23:00 11-03-2004 - 00:00
CVE-2004-1769 10.0
The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows remote attackers to execute arbitrary code via the user parameter to resetpass.
17-10-2016 - 23:00 11-03-2004 - 00:00
CVE-2004-1582 7.5
PHP remote file inclusion vulnerability in BlackBoard 1.5.1 allows remote attackers to execute arbitrary PHP code by modifying the libpath parameter (incorrectly called "libpach") to reference a URL on a remote web server that contains _more.php, as
17-10-2016 - 22:57 31-12-2004 - 00:00
CVE-2004-1570 7.5
SQL injection vulnerability in bBlog 0.7.2 and 0.7.3 allows remote attackers to execute arbitrary SQL commands via the p parameter.
17-10-2016 - 22:56 31-12-2004 - 00:00
CVE-2004-1552 7.5
SQL injection vulnerability in aspWebCalendar allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the eventid parameter to calendar.asp.
17-10-2016 - 22:56 31-12-2004 - 00:00
CVE-2004-1405 7.5
MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
17-10-2016 - 22:54 31-12-2004 - 00:00
CVE-2004-0300 10.0
SQL injection vulnerability in Online Store Kit 3.0 allows remote attackers to inject arbitrary SQL and gain unauthorized access via (1) the cat parameter in shop.php, (2) the id parameter in more.php, (3) the cat_manufacturer parameter in shop_by_br
17-10-2016 - 22:43 23-11-2004 - 00:00
CVE-2004-0200 9.3
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to
17-10-2016 - 22:41 28-09-2004 - 00:00
CVE-2003-0488 5.1
Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer 5.6.3 allow remote attackers to insert arbitrary web script via (1) the add_name parameter in the add_acl module, or (2) the alias parameter in the do_map module.
17-10-2016 - 22:34 07-08-2003 - 00:00
CVE-2003-0487 7.5
Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via (1) a long showuser parameter in the do_subscribe module, (2) a long folder parameter in the add
17-10-2016 - 22:34 07-08-2003 - 00:00
CVE-2003-0394 7.5
objects.inc.php4 in BLNews 2.1.3 allows remote attackers to execute arbitrary PHP code via a Server[path] parameter that points to malicious code on an attacker-controlled web site.
17-10-2016 - 22:33 02-07-2003 - 00:00
CVE-2003-0154 6.8
Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various p
17-10-2016 - 22:30 02-04-2003 - 00:00
CVE-2003-0153 5.0
bonsai Mozilla CVS query tool leaks the absolute pathname of the tool in certain error messages generated by (1) cvslog.cgi, (2) cvsview2.cgi, or (3) multidiff.cgi.
17-10-2016 - 22:30 02-04-2003 - 00:00
CVE-2002-1361 10.0
overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security Hardening Patch) installed allows remote attackers to execute arbitrary code via a POST request with shell metacharacters in the email parameter.
17-10-2016 - 22:26 23-12-2002 - 00:00
CVE-2002-0282 5.0
DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the physical path of the server via (1) a direct request to add_user.php, or via an invalid new_language parameter in (2) contents.php, (3) categories.php, or (4) files.php, which leaks the
17-10-2016 - 22:18 31-05-2002 - 00:00
CVE-2002-0232 5.0
Directory traversal vulnerability in Multi Router Traffic Grapher (MRTG) allows remote attackers to read portions of arbitrary files via a .. (dot dot) in the cfg parameter for (1) 14all.cgi, (2) 14all-1.1.cgi, (3) traffic.cgi, or (4) mrtg.cgi.
17-10-2016 - 22:17 29-05-2002 - 00:00
CVE-2001-0899 7.5
Network Tools 0.2 for PHP-Nuke allows remote attackers to execute commands on the server via shell metacharacters in the $hostinput variable.
17-10-2016 - 22:12 16-11-2001 - 00:00
CVE-2001-0871 7.5
Directory traversal vulnerability in HTTP server for Alchemy Eye and Alchemy Network Monitor allows remote attackers to execute arbitrary commands via an HTTP request containing (1) a .. in versions 2.0 through 2.6.18, or (2) a DOS device name follow
17-10-2016 - 22:12 21-12-2001 - 00:00
CVE-2001-0857 7.5
Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter.
17-10-2016 - 22:12 06-12-2001 - 00:00
CVE-2001-0834 6.4
htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such
17-10-2016 - 22:12 06-12-2001 - 00:00
CVE-2000-1050 5.0
Allaire JRun 3.0 http servlet server allows remote attackers to directly access the WEB-INF directory via a URL request that contains an extra "/" in the beginning of the request (aka the "extra leading slash").
17-10-2016 - 22:08 11-12-2000 - 00:00
CVE-2000-1024 10.0
eWave ServletExec 3.0C and earlier does not restrict access to the UploadServlet Java/JSP servlet, which allows remote attackers to upload files and execute arbitrary commands.
17-10-2016 - 22:08 11-12-2000 - 00:00
CVE-2000-0138 5.0
A system has a distributed denial of service (DDOS) attack master, agent, or zombie installed, such as (1) Trinoo, (2) Tribe Flood Network (TFN), (3) Tribe Flood Network 2000 (TFN2K), (4) stacheldraht, (5) mstream, or (6) shaft.
17-10-2016 - 22:06 02-05-2000 - 00:00
CVE-2000-0113 7.5
The SyGate Remote Management program does not properly restrict access to its administration service, which allows remote attackers to cause a denial of service, or access network traffic statistics.
17-10-2016 - 22:06 27-01-2000 - 00:00
CVE-1999-1550 5.0
bigconf.conf in F5 BIG/ip 2.1.2 and earlier allows remote attackers to read arbitrary files by specifying the target file in the "file" parameter.
17-10-2016 - 22:05 08-11-1999 - 00:00
CVE-1999-1508 10.0
Web server in Tektronix PhaserLink Printer 840.0 and earlier allows a remote attacker to gain administrator access by directly calling undocumented URLs such as ncl_items.html and ncl_subjects.html.
17-10-2016 - 22:05 16-11-1999 - 00:00
CVE-1999-0947 7.5
AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, and envout.bat, which allow remote attackers to execute commands via shell metacharacters.
17-10-2016 - 21:59 02-11-1999 - 00:00
CVE-2013-3437 6.5
SQL injection vulnerability in the management application in Cisco Unified Operations Manager allows remote authenticated users to execute arbitrary SQL commands via an entry field, aka Bug ID CSCud80179.
16-09-2016 - 14:03 23-07-2013 - 07:03
CVE-2008-5077 5.8
OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.
22-08-2016 - 21:59 07-01-2009 - 12:30
CVE-2014-3679 5.0
The Monitoring plugin before 1.53.0 for Jenkins allows remote attackers to obtain sensitive information by accessing unspecified pages.
15-07-2016 - 11:01 16-10-2014 - 15:55
CVE-2014-3678 4.3
Cross-site scripting (XSS) vulnerability in the Monitoring plugin before 1.53.0 for Jenkins allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
15-07-2016 - 11:01 10-10-2014 - 10:55
CVE-2014-3681 4.3
Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
28-06-2016 - 13:17 15-10-2014 - 10:55
CVE-2007-4629 7.5
Buffer overflow in the processLine function in maptemplate.c in MapServer before 4.10.3 allows attackers to cause a denial of service and possibly execute arbitrary code via a mapfile with a long layer name, group name, or metadata entry name.
15-06-2016 - 12:28 30-08-2007 - 21:17
CVE-2014-3680 4.0
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM.
15-06-2016 - 10:34 16-10-2014 - 15:55
CVE-2014-3667 4.0
Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code.
15-06-2016 - 10:34 16-10-2014 - 15:55
CVE-2014-3666 7.5
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel.
15-06-2016 - 10:33 16-10-2014 - 15:55
CVE-2014-3664 4.0
Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors.
15-06-2016 - 10:33 15-10-2014 - 10:55
CVE-2014-3663 6.0
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors.
15-06-2016 - 09:36 16-10-2014 - 15:55
CVE-2014-3662 5.0
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts.
14-06-2016 - 14:48 16-10-2014 - 15:55
CVE-2014-3661 5.0
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors related to a CLI handshake.
13-06-2016 - 19:45 16-10-2014 - 15:55
CVE-2014-9402 7.8
The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive
10-06-2016 - 17:24 24-02-2015 - 10:59
CVE-2001-0780 5.0
Directory traversal vulnerability in cosmicpro.cgi in Cosmicperl Directory Pro 2.0 allows remote attackers to gain sensitive information via a .. (dot dot) in the SHOW parameter.
25-05-2016 - 13:38 18-10-2001 - 00:00
CVE-2014-7228 7.5
Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for WordPress 1.0.b1 through 1.1.3; Solo 1.0.b1 through
09-05-2016 - 11:36 03-11-2014 - 17:55
CVE-2016-0710 7.5
Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/.
20-04-2016 - 14:24 11-04-2016 - 10:59
CVE-2014-1869 4.3
Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF q
23-03-2016 - 10:55 07-02-2014 - 19:55
CVE-2015-8565 7.5
Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors.
17-12-2015 - 12:30 16-12-2015 - 16:59
CVE-2015-8564 7.5
Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive.
17-12-2015 - 12:30 16-12-2015 - 16:59
CVE-2015-8563 6.8
Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
17-12-2015 - 12:28 16-12-2015 - 16:59
CVE-2014-7140 7.5
Unspecified vulnerability in the management interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.x before 10.1-129.11 and 10.5 before 10.5-50.10 allows remote attackers to execute arbitrary code via unknown vec
25-11-2015 - 15:35 21-10-2014 - 10:55
CVE-2015-7859 5.0
The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.
30-10-2015 - 15:40 29-10-2015 - 16:59
CVE-2015-7899 5.0
The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.
30-10-2015 - 15:37 29-10-2015 - 16:59
CVE-2011-4048 4.3
The Dell KACE K2000 System Deployment Appliance has a default username and password for the read-only reporting account, which makes it easier for remote attackers to obtain sensitive information from the database by leveraging the default credential
02-10-2015 - 21:59 11-11-2011 - 19:55
CVE-2013-0140 7.9
SQL injection vulnerability in the Agent-Handler component in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to execute arbitrary SQL commands via a crafted request over the Agent-Server communication ch
29-09-2015 - 14:46 01-05-2013 - 08:00
CVE-2014-8580 4.9
Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5.50.10 before 10.5-52.11, 10.1.122.17 before 10.1-129.11, and 10.1-120.1316.e before 10.1-129.1105.e, when using unspecified configurations, allows remote authenticated users
02-12-2014 - 22:03 07-11-2014 - 14:55
CVE-2014-7229 5.0
Unspecified vulnerability in Joomla! before 2.5.4 before 2.5.26, 3.x before 3.2.6, and 3.3.x before 3.3.5 allows attackers to cause a denial of service via unspecified vectors.
09-10-2014 - 16:52 08-10-2014 - 15:55
CVE-2014-5350 5.0
Multiple directory traversal vulnerabilities in Bitdefender GravityZone before 5.1.11.432 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the id parameter to webservice/CORE/downloadFullKitEpc/a/1 in the Web Console or (2) %2
20-08-2014 - 13:55 19-08-2014 - 15:55
CVE-2014-2969 8.3
NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify memory contents, and consequently execute arbitrary co
07-07-2014 - 15:14 07-07-2014 - 07:01
CVE-2014-2933 5.0
Directory traversal vulnerability in dirmng/index.php in Caldera 9.20 allows remote attackers to access arbitrary directories via a crafted pathname.
01-07-2014 - 13:56 08-05-2014 - 06:55
CVE-2014-2935 10.0
costview3/xmlrpc_server/xmlrpc.php in CostView in Caldera 9.20 allows remote attackers to execute arbitrary commands via shell metacharacters in a methodCall element in a PHP XMLRPC request.
16-05-2014 - 00:26 08-05-2014 - 06:55
CVE-2013-0141 4.3
Directory traversal vulnerability in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to upload arbitrary files via a crafted request over the Agent-Server communication channel, as demonstrated by writing
09-05-2014 - 23:49 01-05-2013 - 08:00
CVE-2014-2601 7.8
The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier allows remote attackers to cause a denial of service via crafted HTTPS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool.
05-05-2014 - 01:34 24-04-2014 - 19:55
CVE-2013-5117 7.5
SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in the ZLDNN DNNArticle module before 10.1 for DotNetNuke allows remote attackers to execute arbitrary SQL commands via the categoryid parameter.
13-03-2014 - 12:06 12-03-2014 - 10:55
CVE-2013-6031 4.3
The Huawei E355 adapter with firmware 21.157.37.01.910 does not require authentication for API pages, which allows remote attackers to change passwords and settings, or obtain sensitive information, via a direct request to (1) api/wlan/security-setti
11-03-2014 - 10:11 11-03-2014 - 09:00
CVE-2013-3242 5.5
plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and caus
07-03-2014 - 08:46 03-05-2013 - 07:57
CVE-2013-5034 10.0
Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5032, and CVE-2013-5033.
13-01-2014 - 11:19 12-01-2014 - 13:34
CVE-2013-5033 10.0
Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5032, and CVE-2013-5034.
13-01-2014 - 11:18 12-01-2014 - 13:34
CVE-2013-5032 10.0
Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5033, and CVE-2013-5034.
13-01-2014 - 11:16 12-01-2014 - 13:34
CVE-2013-5031 10.0
Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5032, CVE-2013-5033, and CVE-2013-5034.
13-01-2014 - 11:14 12-01-2014 - 13:34
CVE-2013-2751 10.0
Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to th
13-12-2013 - 12:19 12-12-2013 - 13:55
CVE-2012-6081 6.0
Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary cod
13-12-2013 - 00:08 02-01-2013 - 20:55
CVE-2013-5688 5.5
Multiple directory traversal vulnerabilities in index.php in AjaXplorer 5.0.2 and earlier allow remote authenticated users to read arbitrary files via a ../%00 (dot dot backslash encoded null byte) in the file parameter in a (1) download or (2) get_c
06-11-2013 - 13:55 05-11-2013 - 16:55
CVE-2013-6349 8.5
McAfee Email Gateway (MEG) 7.0 before 7.0.4 and 7.5 before 7.5.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
04-11-2013 - 18:53 02-11-2013 - 17:55
CVE-2010-5191 9.3
Multiple cross-site request forgery (CSRF) vulnerabilities on the Blue Coat ProxyAV appliance before 3.2.6.1 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password, (2) modify a policy, or (3) re
11-10-2013 - 10:48 26-08-2012 - 15:55
CVE-2013-2240 7.5
lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly remove query fragments, which allows remote attackers to have an unspecified impact via a replay attack, a different vulnerability than CVE-2013-2138.
10-10-2013 - 16:27 09-10-2013 - 20:55
CVE-2013-2241 5.0
modules/gallery/helpers/data_rest.php in Gallery 3 before 3.0.9 allows remote attackers to bypass intended access restrictions and obtain sensitive information (image files) via the "full" string in the size parameter.
10-10-2013 - 16:26 09-10-2013 - 20:55
CVE-2013-4785 10.0
The web interface on the Dell iDRAC6 with firmware before 1.95 allows remote attackers to modify the CLP interface for arbitrary users and possibly have other impact via a request to an unspecified form that is accessible from testurls.html. NOTE: t
26-09-2013 - 23:47 08-07-2013 - 18:55
CVE-2010-0696 5.0
Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.
21-08-2013 - 02:18 23-02-2010 - 13:30
CVE-2010-3313 7.5
phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows
18-08-2013 - 02:14 22-09-2010 - 15:00
CVE-2013-3925 5.8
Atlassian Crowd 2.5.x before 2.5.4, 2.6.x before 2.6.3, 2.3.8, and 2.4.9 allows remote attackers to read arbitrary files and send HTTP requests to intranet servers via a request to (1) /services/2 or (2) services/latest with a DTD containing an XML e
02-07-2013 - 00:00 01-07-2013 - 17:55
CVE-2013-3267 4.3
Cross-site scripting (XSS) vulnerability in the highlighter plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
03-05-2013 - 14:23 03-05-2013 - 07:57
CVE-2013-3059 4.3
Cross-site scripting (XSS) vulnerability in the Voting plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
03-05-2013 - 14:19 03-05-2013 - 07:57
CVE-2013-3058 4.3
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
03-05-2013 - 00:00 03-05-2013 - 07:57
CVE-2013-3057 4.0
Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and list the privileges of arbitrary users via unspecified vectors.
03-05-2013 - 00:00 03-05-2013 - 07:57
CVE-2013-3056 4.0
Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and delete the private messages of arbitrary users via unspecified vectors.
03-05-2013 - 00:00 03-05-2013 - 07:57
CVE-2012-5671 6.8
Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers t
18-04-2013 - 23:26 31-10-2012 - 12:55
CVE-2012-4596 4.3
Directory traversal vulnerability in McAfee Email Gateway (MEG) 7.0.0 and 7.0.1 allows remote authenticated users to bypass intended access restrictions and download arbitrary files via a crafted URL.
10-04-2013 - 23:31 22-08-2012 - 06:42
CVE-2013-1454 5.0
Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to "Coding errors."
26-03-2013 - 00:00 12-02-2013 - 20:55
CVE-2013-1453 7.5
plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and poss
06-03-2013 - 00:00 12-02-2013 - 20:55
CVE-2012-3001 8.5
Mutiny Standard before 4.5-1.12 allows remote attackers to execute arbitrary commands via the network-interface menu, related to a "command injection vulnerability."
01-03-2013 - 23:42 22-10-2012 - 12:55
CVE-2012-4933 7.8
The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (2) GetConfigInfo_Password operations, which allows
13-02-2013 - 23:57 20-10-2012 - 14:55
CVE-2013-1455 5.0
Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to an "Undefined variable."
13-02-2013 - 13:01 12-02-2013 - 20:55
CVE-2012-5967 6.5
SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 allows remote authenticated users to execute arbitrary SQL commands via the menu parameter.
29-01-2013 - 00:00 19-12-2012 - 06:55
CVE-2008-3498 7.5
SQL injection vulnerability in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in an orders action to index.php. NOTE: some of these details are obtained from
24-01-2013 - 00:00 06-08-2008 - 14:41
CVE-2012-6495 6.0
Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files
07-01-2013 - 00:00 02-01-2013 - 20:55
CVE-2006-5031 5.0
Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with "%00" a
15-11-2012 - 00:00 27-09-2006 - 19:07
CVE-2010-1429 5.0
Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demon
05-11-2012 - 23:39 28-04-2010 - 18:30
CVE-2008-3273 5.0
JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by
05-11-2012 - 23:05 10-08-2008 - 16:41
CVE-2007-0246 6.8
plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 before 20070524, aka gforge-plugin-scmcvs, allows remote attackers to execute arbitrary commands via shell metacharacters in the PATH_INFO.
05-11-2012 - 22:30 29-05-2007 - 17:30
CVE-2008-2076 7.5
Directory traversal vulnerability in admin.php in ActualScripts ActualAnalyzer Lite 2.78 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the style parameter.
29-10-2012 - 23:11 05-05-2008 - 12:20
CVE-2012-0744 5.0
IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 allows remote attackers to obtain potentially sensitive information via a request to a (1) snoop, (2) hello, (3) ivt/, (4) hitcount, (5) HitCount.jsp, (6) HelloHTMLError.jsp, (7) H
20-08-2012 - 00:00 17-08-2012 - 16:55
CVE-2012-2395 7.5
Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the power_system method in the xmlrpc API.
21-07-2012 - 23:37 15-06-2012 - 20:55
CVE-2009-1418 4.3
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 3.0.1.73 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
23-03-2012 - 00:00 19-05-2009 - 15:30
CVE-2012-0077 3.5
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4, 10.0.2, 10.3.3, 10.3.4, and 10.3.5 allows remote authenticated users to affect integrity, related to WLS-Console.
30-01-2012 - 23:08 18-01-2012 - 17:55
CVE-2011-4046 5.0
The Dell KACE K2000 System Deployment Appliance stores the recovery account password in cleartext within a PHP script, which allows context-dependent attackers to obtain sensitive information by examining script source code.
15-11-2011 - 00:00 11-11-2011 - 19:55
CVE-2011-4436 3.5
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface on the Dell KACE K2000 System Deployment Appliance allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
14-11-2011 - 00:00 11-11-2011 - 19:55
CVE-2011-4047 9.3
The Dell KACE K2000 System Deployment Appliance allows remote attackers to execute arbitrary commands by leveraging database write access.
14-11-2011 - 00:00 11-11-2011 - 19:55
CVE-2008-1119 5.0
Directory traversal vulnerability in include/doc/get_image.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter.
10-11-2011 - 00:00 03-03-2008 - 17:44
CVE-2007-6485 7.5
Multiple PHP remote file inclusion vulnerabilities in Centreon 1.4.1 (aka Oreon 1.4) allow remote attackers to execute arbitrary PHP code via a URL in the fileOreonConf parameter to (1) MakeXML.php or (2) MakeXML4statusCounter.php in include/monitori
10-11-2011 - 00:00 20-12-2007 - 15:46
CVE-2009-0932 6.4
Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image
21-09-2011 - 23:07 17-03-2009 - 17:30
CVE-2006-2286 6.8
Multiple PHP remote file inclusion vulnerabilities in claro_init_global.inc.php in Dokeos 1.6.3 and earlier, and Dokeos community release 2.0.3, allow remote attackers to execute arbitrary PHP code via a URL in the (1) rootSys and (2) clarolineReposi
08-09-2011 - 00:00 09-05-2006 - 22:14
CVE-2006-2685 4.0
PHP remote file inclusion vulnerability in Basic Analysis and Security Engine (BASE) 1.2.4 and earlier, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BASE_path parameter to (1) base_qry_common.p
23-08-2011 - 00:00 31-05-2006 - 06:06
CVE-2006-1781 7.5
PHP remote file inclusion vulnerability in functions.php in Circle R Monster Top List (MTL) 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. NOTE: It was later reported that 1.4.2 and earlier are affect
22-08-2011 - 00:00 13-04-2006 - 06:02
CVE-2008-5517 7.5
The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote attackers to execute arbitrary commands via shell metacharacters related to (1) git_snapshot and (2) git_object.
06-06-2011 - 00:00 13-01-2009 - 12:00
CVE-2006-1491 7.5
Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer.
13-05-2011 - 00:00 29-03-2006 - 17:02
CVE-2009-4625 7.5
SQL injection vulnerability in the updateOnePage function in components/com_bfsurvey_pro/controller.php in BF Survey Pro Free (com_bfsurvey_profree) 1.2.4, and other versions before 1.2.6, a component for Joomla!, allows remote attackers to execute a
28-04-2011 - 00:00 18-01-2010 - 15:30
CVE-2011-1715 5.0
Directory traversal vulnerability in framework/source/resource/qx/test/part/delay.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to read arbitrary files via ..%2f (enc
19-04-2011 - 00:00 18-04-2011 - 14:55
CVE-2006-6239 7.5
webadmin in MailEnable NetWebAdmin Professional 2.32 and Enterprise 2.32 allows remote attackers to authenticate using an empty password.
10-03-2011 - 00:00 03-12-2006 - 14:28
CVE-2008-5642 5.0
Directory traversal vulnerability in admin/login.php in CMS Made Simple 1.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a cms_language cookie.
07-03-2011 - 22:14 17-12-2008 - 12:30
CVE-2008-4620 7.5
SQL injection vulnerability in Meeting Room Booking System (MRBS) before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to (1) month.php, and possibly (2) day.php and (3) week.php.
07-03-2011 - 22:12 20-10-2008 - 21:18
CVE-2008-3488 7.5
Unspecified vulnerability in Novell iManager before 2.7 SP1 (2.7.1) allows remote attackers to delete Plug-in Studio created Property Book Pages via unknown vectors.
07-03-2011 - 22:10 06-08-2008 - 13:41
CVE-2008-3166 9.3
PHP remote file inclusion vulnerability in modules/global/inc/content.inc.php in BoonEx Ray 3.5, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sIncPath parameter.
07-03-2011 - 22:10 14-07-2008 - 19:41
CVE-2008-2384 7.5
SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encodin
07-03-2011 - 22:09 22-01-2009 - 13:30
CVE-2008-0782 5.0
Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code executio
07-03-2011 - 22:05 14-02-2008 - 16:00
CVE-2007-5844 7.5
Directory traversal vulnerability in inc/includes.inc in GuppY 4.6.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the selskin parameter to index.php. NOTE: this can be leveraged for remote file inclusion
07-03-2011 - 22:01 06-11-2007 - 16:46
CVE-2007-4542 4.3
Multiple cross-site scripting (XSS) vulnerabilities in MapServer before 4.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the (1) processLine function in maptemplate.c and the (2) writeError functi
07-03-2011 - 21:58 27-08-2007 - 17:17
CVE-2007-4128 7.5
SQL injection vulnerability in index.php in the Firestorm Technologies GMaps (com_gmaps) 1.00 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mapId parameter in a viewmap action.
07-03-2011 - 21:57 01-08-2007 - 12:17
CVE-2007-4053 7.5
SQL injection vulnerability in include/img_view.class.php in LinPHA 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the order parameter to new_images.php.
07-03-2011 - 21:57 30-07-2007 - 13:30
CVE-2007-3502 7.5
Unspecified vulnerability in the web-based product configuration system in Kaspersky Anti-Spam before 3.0 MP1 allows remote attackers to obtain access to certain directories.
07-03-2011 - 21:56 29-06-2007 - 21:30
CVE-2007-0979 5.0
Unspecified vulnerability in LifeType before 1.1.6, and 1.2 before 1.2-beta2, allows remote attackers to obtain sensitive information (file contents) via a "crafted URL."
07-03-2011 - 21:51 15-02-2007 - 20:28
CVE-2007-0845 7.5
admin/index.php in Advanced Poll 2.0.0 through 2.0.5-dev allows remote attackers to bypass authentication and gain administrator privileges by obtaining a valid session identifier and setting the uid parameter to 1.
07-03-2011 - 21:50 08-02-2007 - 13:28
CVE-2007-0676 6.8
SQL injection vulnerability in faq.php in ExoPHPDesk 1.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
07-03-2011 - 21:50 02-02-2007 - 20:28
CVE-2007-0388 7.5
SQL injection vulnerability in search.php in Woltlab Burning Board (wBB) 1.0.2 and earlier, and 2.3.6 and earlier in the 2.x series, allows remote attackers to execute arbitrary SQL commands via the boardids[1] and other boardids[] parameters.
07-03-2011 - 21:49 19-01-2007 - 18:28
CVE-2006-7071 7.5
SQL injection vulnerability in classes/class_session.php in Invision Power Board (IPB) 2.1 up to 2.1.6 allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP parameter.
07-03-2011 - 21:47 02-03-2007 - 16:18
CVE-2006-6770 6.8
Multiple PHP remote file inclusion vulnerabilities in Jinzora Media Jukebox 2.7 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter in (1) popup.php, (2) rss.php,
07-03-2011 - 21:46 27-12-2006 - 18:28
CVE-2006-6419 7.5
jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.1.0 beta 2 and earlier for Joomla! (com_jce) allows remote attackers to include and possibly execute arbitrary local files via the (1) plugin or (2) file parameter. NOTE
07-03-2011 - 21:45 10-12-2006 - 06:28
CVE-2006-6354 7.5
Multiple SQL injection vulnerabilities in detail.asp in DuWare DuNews allow remote attackers to execute arbitrary SQL commands via the (1) iNews, (2) iType, or (3) Action parameter. NOTE: the iType parameter in type.asp is covered by CVE-2005-3976.
07-03-2011 - 21:45 06-12-2006 - 20:28
CVE-2006-6343 6.8
SQL injection vulnerability in polls.php in Neocrome Seditio 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
07-03-2011 - 21:45 06-12-2006 - 20:28
CVE-2006-6237 7.5
SQL injection vulnerability in the decode_cookie function in thread.php in Woltlab Burning Board Lite 1.0.2 allows remote attackers to execute arbitrary SQL commands via the threadvisit Cookie parameter.
07-03-2011 - 21:45 03-12-2006 - 14:28
CVE-2006-5786 7.5
Directory traversal vulnerability in class2.php in e107 0.7.5 and earlier allows remote attackers to read and execute PHP code in arbitrary files via ".." sequences in the e107language_e107cookie cookie to gsitemap.php.
07-03-2011 - 21:43 07-11-2006 - 18:07
CVE-2006-5673 6.8
PHP remote file inclusion vulnerability in bb_func_txt.php in miniBB 2.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter.
07-03-2011 - 21:43 02-11-2006 - 20:07
CVE-2006-5449 6.5
procmail in Ingo H3 before 1.1.2 Horde module allows remote authenticated users to execute arbitrary commands via shell metacharacters in the mailbox destination of a filter rule.
07-03-2011 - 21:43 23-10-2006 - 13:07
CVE-2006-5428 5.0
rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client's privileges for a display_get_requesters operation, which allows remote attackers to bypass the GUI login and obtain sensitive information (ticket data) via a direct request.
07-03-2011 - 21:43 20-10-2006 - 13:07
CVE-2006-5210 5.0
Directory traversal vulnerability in IronWebMail before 6.1.1 HotFix-17 allows remote attackers to read arbitrary files via a GET request to the IM_FILE identifier with double-url-encoded "../" sequences ("%252e%252e/").
07-03-2011 - 21:42 16-10-2006 - 19:07
CVE-2006-5185 7.5
Eval injection vulnerability in Template.php in HAMweather 3.9.8.4 and earlier allows remote attackers to execute arbitrary code via a modified query string, which is supplied to an eval function call within the do_parse_code function.
07-03-2011 - 21:42 10-10-2006 - 00:06
CVE-2006-5099 7.5
lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert] is configured to use ImageMagick, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) w and (2) h parameters, which are not filtered when in
07-03-2011 - 21:42 29-09-2006 - 19:07
CVE-2006-5098 5.0
lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote attackers to cause a denial of service (CPU consumption) via large w and h parameters, when resizing an image.
07-03-2011 - 21:42 29-09-2006 - 19:07
CVE-2006-4963 6.4
Directory traversal vulnerability in index.php in Exponent CMS 0.96.3 allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence in the view parameter in the show_view action in the calendarmodule module, as demonst
07-03-2011 - 21:42 23-09-2006 - 06:07
CVE-2006-4957 7.5
SQL injection vulnerability in the GetMember function in functions.php in MyReview 1.9.4 allows remote attackers to execute arbitrary SQL commands via the email parameter to Admin.php.
07-03-2011 - 21:42 23-09-2006 - 06:07
CVE-2006-4859 7.5
Unrestricted file upload vulnerability in contact.html.php in the Contact (com_contact) component in Limbo (aka Lite Mambo) CMS 1.0.4.2L and earlier allows remote attackers to upload PHP code to the images/contact folder via a filename with a double
07-03-2011 - 21:42 19-09-2006 - 14:07
CVE-2006-4468 6.8
Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to unvalidated input, allow attackers to have an unknown impact via unspecified vectors involving the (1) mosMail, (2) JosIsValidEmail, and (3) josSpoofValue functions; (4) the la
07-03-2011 - 21:40 31-08-2006 - 16:04
CVE-2006-3623 5.0
Directory traversal vulnerability in Framework Service component in McAfee ePolicy Orchestrator agent 3.5.0.x and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the directory and filename in a PropsResponse (PackageTy
07-03-2011 - 21:39 18-07-2006 - 11:46
CVE-2006-2868 5.1
Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the includePath cookie to (1) auth/extauth/drivers/mambo.inc.php or (2) auth/extauth/drivers/postnuke.inc.php.
07-03-2011 - 21:37 06-06-2006 - 16:06
CVE-2006-2529 5.0
editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types. NOTE: It is not clear whether this is relate
07-03-2011 - 21:36 22-05-2006 - 19:10
CVE-2006-2261 7.5
PHP remote file inclusion vulnerability in day.php in ACal 2.2.6 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
07-03-2011 - 21:35 09-05-2006 - 06:02
CVE-2006-2237 5.1
The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.
07-03-2011 - 21:35 08-05-2006 - 19:02
CVE-2006-2152 7.5
PHP remote file inclusion vulnerability in admin/addentry.php in phpBB Advanced Guestbook 2.4.0 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter.
07-03-2011 - 21:35 03-05-2006 - 06:02
CVE-2006-2149 6.4
PHP remote file inclusion vulnerability in sources/lostpw.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CONFIG[path] parameter, as demonstrated by inclu
07-03-2011 - 21:35 03-05-2006 - 06:02
CVE-2006-2142 6.4
PHP remote file inclusion vulnerability in classes/adodbt/sql.php in Limbo CMS 1.04 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the classes_dir parameter.
07-03-2011 - 21:35 02-05-2006 - 06:02
CVE-2006-2039 7.5
Multiple SQL injection vulnerabilities in the osTicket module in Help Center Live before 2.1.0 allow remote attackers to execute arbitrary SQL commands via unknown vectors.
07-03-2011 - 21:34 26-04-2006 - 14:06
CVE-2006-1718 5.0
Magus Perde Clever Copy 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to view the database username and password via a direct request for connect.inc.
07-03-2011 - 21:33 11-04-2006 - 19:02
CVE-2006-1596 7.5
PHP remote file inclusion vulnerability in learnPath/include/scormExport.inc.php in Claroline 1.7.4 and earlier allows remote attackers to execute arbitrary PHP code via the includePath parameter.
07-03-2011 - 21:33 03-04-2006 - 06:04
CVE-2006-1595 4.3
Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in Claroline 1.7.4 and earlier allows remote attackers to read arbitrary files via ".." sequences in the file parameter in a rqEditHtml command.
07-03-2011 - 21:33 03-04-2006 - 06:04
CVE-2006-1594 7.5
Multiple directory traversal vulnerabilities in document/rqmkhtml.php in Claroline 1.7.4 and earlier allow remote attackers to use ".." (dot dot) sequences to (1) read arbitrary files via the file parameter in a rqEditHtml command to document/rqmkhtm
07-03-2011 - 21:33 03-04-2006 - 06:04
CVE-2006-1505 5.0
base_maintenance.php in Basic Analysis and Security Engine (BASE) before 1.2.4 (melissa), when running in standalone mode, allows remote attackers to bypass authentication, possibly by setting the standalone parameter to "yes".
07-03-2011 - 21:33 29-03-2006 - 20:06
CVE-2006-1348 4.3
Cross-site scripting (XSS) vulnerability in index.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang[*][file] parameter, which is injected into an error message. NOTE: this iss
07-03-2011 - 21:32 21-03-2006 - 20:02
CVE-2006-1347 7.5
SQL injection vulnerability in loginfunction.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
07-03-2011 - 21:32 21-03-2006 - 20:02
CVE-2006-1346 6.4
Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by i
07-03-2011 - 21:32 21-03-2006 - 20:02
CVE-2006-0656 5.0
Directory traversal vulnerability in HP Systems Insight Manager 4.2 through 5.0 SP3 for Windows allows remote attackers to access arbitrary files via unspecified vectors, a different vulnerability than CVE-2005-2006.
07-03-2011 - 21:30 13-02-2006 - 06:06
CVE-2006-0520 7.5
SQL injection vulnerability in index.php in Dragoran Portal module 1.3 for Invision Power Board (IPB) allows remote attackers to execute arbitrary SQL commands via the site parameter. NOTE: the provenance of this information is unknown; the details are
07-03-2011 - 21:30 02-02-2006 - 06:02
CVE-2006-0125 5.0
Unspecified vulnerability in appserv/main.php in AppServ 2.4.5 allows remote attackers to include arbitrary files via the appserv_root parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party i
07-03-2011 - 21:29 09-01-2006 - 06:03
CVE-2005-4031 7.5
Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function.
07-03-2011 - 21:27 06-12-2005 - 06:03
CVE-2005-3976 7.5
SQL injection vulnerability in type.asp, as used in multiple DUware products including (1) DUamazon 3.1, (2) DUarticle 1.1, (3) DUclassified 4.2, (4) DUdirectory 3.1 and DUdirectory Pro 3.0 and 3.0 SQL, (5) DUdownload 1.1, (6) DUgallery 3.3, (7) DUne
07-03-2011 - 21:27 03-12-2005 - 14:03
CVE-2005-3639 7.5
PHP file inclusion vulnerability in the osTicket module in Help Center Live before 2.0.3 allows remote attackers to access or include arbitrary files via the file parameter, possibly due to a directory traversal vulnerability.
07-03-2011 - 21:26 16-11-2005 - 16:22
CVE-2005-3470 7.5
SQL injection vulnerability in the authenticate function in MailWatch for MailScanner 1.0.2 allows remote attackers to execute arbitrary SQL commands.
07-03-2011 - 21:26 02-11-2005 - 18:02
CVE-2005-3336 7.5
SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
07-03-2011 - 21:26 27-10-2005 - 06:02
CVE-2005-3335 7.5
PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the t_core_path parameter.
07-03-2011 - 21:26 27-10-2005 - 06:02
CVE-2005-3096 7.5
Avi Alkalay nslookup.cgi program, dated 16 June 2002, allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter.
07-03-2011 - 21:25 28-09-2005 - 18:03
CVE-2005-3095 7.5
Avi Alkalay notify program, dated 19 Aug 2001, allows remote attackers to execute arbitrary commands via shell metacharacters in the from parameter.
07-03-2011 - 21:25 28-09-2005 - 18:03
CVE-2005-3094 7.5
Avi Alkalay man-cgi script allows remote attackers to execute arbitrary code via shell metacharacters in the topic parameter.
07-03-2011 - 21:25 28-09-2005 - 18:03
CVE-2005-3072 7.5
SQL injection vulnerability in pages/forum/submit.html in Interchange 4.9.3 up to 5.2.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
07-03-2011 - 21:25 27-09-2005 - 15:03
CVE-2005-2989 7.5
Multiple SQL injection vulnerabilities in DeluxeBB 1.0 and 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) tid parameter to topic.php, the uid parameter to (2) misc.php or (3) pm.php, or the fid parameter to (3) forums.php
07-03-2011 - 21:25 19-09-2005 - 20:03
CVE-2005-2616 7.5
Multiple PHP file include vulnerabilities in ezUpload 2.2 allow remote attackers to execute arbitrary code via the path parameter to (1) initialize.php, (2) customize.php, (3) form.php, or (4) index.php.
07-03-2011 - 21:24 17-08-2005 - 00:00
CVE-2005-2157 5.0
PHP remote file inclusion vulnerability in survey.inc.php for nabopoll 1.2 allows remote attackers to execute arbitrary PHP code via the path parameter.
07-03-2011 - 21:23 06-07-2005 - 00:00
CVE-2005-2020 5.0
Directory traversal vulnerability in the web server for 3Com Network Supervisor 5.0.2 allows remote attackers to read arbitrary files via ".." sequences in the URL to TCP port 21700.
07-03-2011 - 21:23 08-09-2005 - 06:03
CVE-2005-1642 7.5
SQL injection vulnerability in the verify_email function in Woltlab Burning Board 2.x and earlier allows remote attackers to execute arbitrary SQL commands via the $email variable.
07-03-2011 - 21:22 17-05-2005 - 00:00
CVE-2004-2727 4.3
Buffer overflow in MEHTTPS (HTTPMail) of MailEnable Professional 1.5 through 1.7 allows remote attackers to cause a denial of service (application crash) via a long HTTP GET request.
07-03-2011 - 21:19 31-12-2004 - 00:00
CVE-2004-2603 4.3
Cross-site scripting (XSS) vulnerability in the Search module in UberTec Help Center Live (HCL) allows remote attackers to inject arbitrary web script or HTML via the find parameter to index.php.
07-03-2011 - 21:19 31-12-2004 - 00:00
CVE-2002-1581 5.0
Directory traversal vulnerability in nph-mr.cgi in Mailreader.com 2.3.20 through 2.3.31 allows remote attackers to view arbitrary files via .. (dot dot) sequences and a null byte (%00) in the configLanguage parameter.
07-03-2011 - 21:10 06-12-2004 - 00:00
CVE-2006-4844 5.1
PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earlier, as used in Dokeos and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the extAuthSource[newUser] param
07-03-2011 - 00:00 18-09-2006 - 21:07
CVE-2010-4100 5.0
Unspecified vulnerability in HP Insight Control Performance Management before 6.1 update 2 allows remote attackers to read arbitrary files via unknown vectors.
21-01-2011 - 01:53 01-11-2010 - 22:26
CVE-2010-4103 5.0
Unspecified vulnerability in HP Insight Managed System Setup Wizard before 6.2 allows remote attackers to read arbitrary files via unknown vectors.
11-11-2010 - 01:50 01-11-2010 - 22:26
CVE-2010-3986 5.0
Unspecified vulnerability in HP Virtual Connect Enterprise Manager (VCEM) 6.0 and 6.1 allows remote attackers to read arbitrary files via unknown vectors.
11-11-2010 - 01:50 26-10-2010 - 14:00
CVE-2010-4184 5.0
NetSupport Manager (NSM) before 11.00.0005 sends HTTP headers with cleartext fields containing details about client machines, which allows remote attackers to obtain potentially sensitive information by sniffing the network.
11-11-2010 - 00:00 05-11-2010 - 13:00
CVE-2006-3017 9.3
zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the varia
15-09-2010 - 00:00 14-06-2006 - 19:02
CVE-2008-5814 2.6
Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear
21-08-2010 - 01:27 02-01-2009 - 13:11
CVE-2010-2540 10.0
mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 does not properly restrict the use of CGI command-line arguments that were intended for debugging, which allows remote attackers to have an unspecified impact via crafted arguments.
12-08-2010 - 10:28 02-08-2010 - 18:00
CVE-2010-2907 7.5
SQL injection vulnerability in the Huru Helpdesk (com_huruhelpdesk) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a detail action to index.php.
29-07-2010 - 00:00 28-07-2010 - 17:30
CVE-2009-4938 7.5
SQL injection vulnerability in the JVideo! (com_jvideo) component 0.3.11c Beta and 0.3.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a user action to index.php.
23-07-2010 - 00:00 22-07-2010 - 01:40
CVE-2010-1476 6.8
Directory traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.ph
11-06-2010 - 00:00 19-04-2010 - 15:30
CVE-2010-2128 7.5
Directory traversal vulnerability in the JE Quotation Form (com_jequoteform) component 1.0b1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.php.
02-06-2010 - 00:00 01-06-2010 - 17:30
CVE-2010-1535 7.5
Directory traversal vulnerability in the TRAVELbook (com_travelbook) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
24-05-2010 - 00:00 26-04-2010 - 14:30
CVE-2010-1533 7.5
Directory traversal vulnerability in the TweetLA (com_tweetla) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
24-05-2010 - 00:00 26-04-2010 - 14:30
CVE-2010-1531 7.5
Directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
24-05-2010 - 00:00 26-04-2010 - 14:30
CVE-2010-1983 7.5
Directory traversal vulnerability in the redTWITTER (com_redtwitter) component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. NOTE: some of these details are
21-05-2010 - 00:00 19-05-2010 - 16:00
CVE-2010-1313 4.3
Directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
09-04-2010 - 00:00 08-04-2010 - 16:30
CVE-2009-4099 7.5
SQL injection vulnerability in the Google Calendar GCalendar (com_gcalendar) component 1.1.2, 2.1.4, and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the gcid parameter. NOTE: some of these deta
19-12-2009 - 01:59 29-11-2009 - 08:08
CVE-2009-0840 10.0
Heap-based buffer underflow in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to have an unknown impact via a negative value in the Content-Length HTTP header.
27-10-2009 - 01:24 31-03-2009 - 14:24
CVE-2009-2281 10.0
Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before 5.4.2 allow remote attackers to execute arbitrary code via (1) a crafted Content-Length HTTP header or (2) a lar
26-10-2009 - 00:00 23-10-2009 - 14:30
CVE-2009-3417 7.5
SQL injection vulnerability in the IDoBlog (com_idoblog) component 1.1 build 30 for Joomla! allows remote attackers to execute arbitrary SQL commands via the userid parameter in a profile action to index.php, a different vector than CVE-2008-2627.
28-09-2009 - 00:00 25-09-2009 - 18:30
CVE-2008-6881 7.5
Multiple SQL injection vulnerabilities in the Live Chat (com_livechat) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the last parameter to (1) getChat.php, (2) getChatRoom.php, and (3) getSavedChatRooms.php.
27-08-2009 - 00:00 30-07-2009 - 15:30
CVE-2008-7086 7.5
Maian Greetings 2.1 allows remote attackers to bypass authentication and gain administrative privileges by setting the mecard_admin_cookie cookie to admin.
26-08-2009 - 00:00 26-08-2009 - 10:24
CVE-2009-2144 7.5
SQL injection vulnerability in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
21-08-2009 - 00:00 22-06-2009 - 10:30
CVE-2008-6883 7.5
SQL injection vulnerability in the Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the last parameter to getChatRoom.php. NOTE: the provenance of this information is unknown; the detai
19-08-2009 - 01:24 30-07-2009 - 16:00
CVE-2008-5991 7.5
Directory traversal vulnerability in docs.php in MailWatch for MailScanner 1.0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the doc parameter.
19-08-2009 - 01:22 28-01-2009 - 10:30
CVE-2008-3486 7.5
Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via
19-08-2009 - 01:17 06-08-2008 - 13:41
CVE-2008-3322 7.5
admin/index.php in Maian Recipe 1.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary recipe_cookie cookie.
19-08-2009 - 01:17 25-07-2008 - 12:41
CVE-2008-3321 7.5
admin/index.php in Maian Uploader 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary uploader_cookie cookie.
19-08-2009 - 01:17 25-07-2008 - 12:41
CVE-2008-3319 7.5
admin/index.php in Maian Links 3.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary links_cookie cookie.
19-08-2009 - 01:17 25-07-2008 - 12:41
CVE-2008-3318 7.5
admin/index.php in Maian Weblog 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary weblog_cookie cookie.
19-08-2009 - 01:17 25-07-2008 - 12:41
CVE-2008-3317 7.5
admin/index.php in Maian Search 1.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary search_cookie cookie.
19-08-2009 - 01:17 25-07-2008 - 12:41
CVE-2008-6833 10.0
Directory traversal vulnerability in commsrss.php in fuzzylime (cms) before 3.01b allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a files array element for a blogs action, as demonstrated by the files[0] par
13-08-2009 - 01:30 22-06-2009 - 16:30
CVE-2008-3167 9.3
Multiple PHP remote file inclusion vulnerabilities in BoonEx Dolphin 6.1.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dir[plugins] parameter to (a) HTMLSax3.php and (b) safehtml.php in
12-08-2009 - 01:18 14-07-2008 - 19:41
CVE-2009-2313 7.5
Directory traversal vulnerability in index.php in Jinzora Media Jukebox 2.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter.
02-07-2009 - 00:00 02-07-2009 - 06:30
CVE-2009-2143 7.5
PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the fs_javascript parameter.
24-06-2009 - 00:00 22-06-2009 - 10:30
CVE-2009-2102 7.5
SQL injection vulnerability in the Jumi (com_jumi) component 2.0.3 and possibly other versions for Joomla allows remote attackers to execute arbitrary SQL commands via the fileid parameter to index.php.
23-06-2009 - 01:33 17-06-2009 - 13:30
CVE-2009-1960 9.3
inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the config_cascade[main][default][] parameter to doku.php. NOTE: PHP remo
23-06-2009 - 01:33 07-06-2009 - 21:00
CVE-2009-1770 7.5
Directory traversal vulnerability in includes/database/examples/addressbook.php in Flyspeck CMS 6.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
09-06-2009 - 01:34 22-05-2009 - 14:30
CVE-2009-1604 7.5
Unspecified vulnerability in LimeSurvey before 1.82 allows remote attackers to execute commands and obtain sensitive data via unknown attack vectors related to /admin/remotecontrol/.
23-05-2009 - 01:31 11-05-2009 - 16:00
CVE-2009-1231 10.0
Unspecified vulnerability in the eClient in IBM DB2 Content Manager 8.4.1 before 8.4.1.1 has unknown impact and attack vectors.
16-04-2009 - 01:38 02-04-2009 - 13:30
CVE-2005-1017 7.5
SQL injection vulnerability in the Update_Events function in events_functions.asp in MaxWebPortal 1.33 and earlier allows remote attackers to execute arbitrary SQL commands via the EVENT_ID parameter, as demonstrated using events.asp.
03-04-2009 - 00:00 02-05-2005 - 00:00
CVE-2005-0735 10.0
newsscript.pl for NewsScript allows remote attackers to gain privileges by setting the mode parameter to admin.
03-04-2009 - 00:00 02-05-2005 - 00:00
CVE-2008-5208 7.5
SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
01-04-2009 - 01:38 24-11-2008 - 12:30
CVE-2009-0726 7.5
SQL injection vulnerability in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the gigcal_gigs_id parameter in a details action to index.php.
25-02-2009 - 00:00 24-02-2009 - 18:30
CVE-2009-0645 6.5
Directory traversal vulnerability in index.php in Jaws 0.8.8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) language, (2) Introduction_complete, and (3) use_log parameters, different vectors than CVE-2004-2445
21-02-2009 - 00:00 18-02-2009 - 18:30
CVE-2008-3681 7.5
components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator.
06-02-2009 - 01:58 14-08-2008 - 15:41
CVE-2009-0421 7.5
SQL injection vulnerability in the Eventing (com_eventing) 1.6.x component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
05-02-2009 - 00:00 04-02-2009 - 19:30
CVE-2009-0113 5.0
Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.5.8 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the X_CMS_LIBRARY_PATH HTTP header.
29-01-2009 - 02:01 09-01-2009 - 13:30
CVE-2008-5582 7.5
SQL injection vulnerability in utilities/login.asp in Nukedit 4.9.x, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the email parameter.
29-01-2009 - 01:59 15-12-2008 - 13:00
CVE-2007-6656 7.5
SQL injection vulnerability in content_css.php in the TinyMCE module for CMS Made Simple 1.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter.
15-11-2008 - 02:05 04-01-2008 - 06:46
CVE-2007-3932 7.5
uploadimg.php in the Expose RC35 and earlier (com_expose) component for Joomla! sends an error message but does not exit when it detects an attempt to upload a non-JPEG file, which allows remote attackers to upload and execute arbitrary PHP code in t
15-11-2008 - 01:54 20-07-2007 - 20:30
CVE-2007-3938 7.5
SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.8x and earlier before 20070720 allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a view action in the Topics module, a different vulnerability
15-11-2008 - 00:00 20-07-2007 - 20:30
CVE-2005-4309 7.5
SQL injection vulnerability in ezUpload Pro 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified search module parameters.
20-09-2008 - 00:42 16-12-2005 - 19:03
CVE-2005-4308 7.5
index.php in ezUpload Pro 2.2 and earlier allows remote attackers to include files via the mode parameter.
20-09-2008 - 00:42 16-12-2005 - 19:03
CVE-2004-1003 5.0
Trend ScanMail allows remote attackers to obtain potentially sensitive information or disable the anti-virus capability via the smency.nsf file.
10-09-2008 - 15:28 01-03-2005 - 00:00
CVE-2002-1710 3.6
The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 does not check whether the attachment was uploaded by the user or came from a HTTP POST, which could allow local users to steal sensitive information like a password file.
10-09-2008 - 15:15 31-12-2002 - 00:00
CVE-2002-1272 10.0
Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contain a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges.
10-09-2008 - 15:14 11-12-2002 - 00:00
CVE-2001-0329 7.5
Bugzilla 2.10 allows remote attackers to execute arbitrary commands via shell metacharacters in a username that is then processed by (1) the Bugzilla_login cookie in post_bug.cgi, or (2) the who parameter in process_bug.cgi.
10-09-2008 - 15:07 27-06-2001 - 00:00
CVE-2000-0629 7.5
The default configuration of the Sun Java web server 2.0 and earlier allows remote attackers to execute arbitrary commands by uploading Java code to the server via board.html, then directly calling the JSP compiler servlet.
10-09-2008 - 15:05 12-07-2000 - 00:00
CVE-2000-0432 7.5
The calender.pl and the calendar_admin.pl calendar scripts by Matt Kruse allow remote attackers to execute arbitrary commands via shell metacharacters.
10-09-2008 - 15:04 16-05-2000 - 00:00
CVE-2000-0421 7.5
The process_bug.cgi script in Bugzilla allows remote attackers to execute arbitrary commands via shell metacharacters.
10-09-2008 - 15:04 11-05-2000 - 00:00
CVE-2000-0254 5.0
The dansie shopping cart application cart.pl allows remote attackers to obtain the shopping cart database and configuration information via a URL that references either the env, db, or vars form variables.
10-09-2008 - 15:03 14-04-2000 - 00:00
CVE-2000-0253 10.0
The dansie shopping cart application cart.pl allows remote attackers to modify sensitive purchase information via hidden form fields.
10-09-2008 - 15:03 11-04-2000 - 00:00
CVE-2000-0252 5.0
The dansie shopping cart application cart.pl allows remote attackers to execute commands via shell metacharacters in a form variable.
10-09-2008 - 15:03 11-04-2000 - 00:00
CVE-1999-0885 3.6
Alibaba web server allows remote attackers to execute commands via a pipe character in a malformed URL.
09-09-2008 - 08:36 03-11-1999 - 00:00
CVE-1999-0678 5.0
A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
09-09-2008 - 08:35 17-01-1999 - 00:00
CVE-1999-0508 4.6
An account on a router, firewall, or other network device has a default, null, blank, or missing password.
09-09-2008 - 08:34 01-06-1998 - 00:00
CVE-1999-0502 7.5
A Unix account has a default, null, blank, or missing password.
09-09-2008 - 08:34 01-03-1998 - 00:00
CVE-1999-0264 5.0
htmlscript CGI program allows remote read access to files.
09-09-2008 - 08:34 27-01-1998 - 00:00
CVE-1999-0158 5.0
Cisco PIX firewall manager (PFM) on Windows NT allows attackers to connect to port 8080 on the PFM server and retrieve any file whose name and location is known.
09-09-2008 - 08:33 31-08-1998 - 00:00
CVE-1999-0147 7.5
The aglimpse CGI program of the Glimpse package allows remote execution of arbitrary commands.
09-09-2008 - 08:33 01-07-1997 - 00:00
CVE-1999-0045 7.5
List of arbitrary files on Web host via nph-test-cgi script.
09-09-2008 - 08:33 10-12-1996 - 00:00
CVE-2008-1626 7.5
SQL injection vulnerability in eggBlog before 4.0.1 allows remote attackers to execute arbitrary SQL commands via an unspecified cookie. NOTE: this might overlap CVE-2008-0159.
05-09-2008 - 17:38 02-04-2008 - 13:44
CVE-2008-1427 7.5
SQL injection vulnerability in the Joobi Acajoom (com_acajoom) 1.1.5 and 1.2.5 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mailingid parameter in a mailing view action to index.php.
05-09-2008 - 17:37 20-03-2008 - 14:44
CVE-2008-0561 7.5
SQL injection vulnerability in index.php in the Arthur Konze AkoGallery (com_akogallery) 2.5 beta component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
05-09-2008 - 17:35 04-02-2008 - 18:00
CVE-2008-0159 6.8
SQL injection vulnerability in index.php in eggBlog 3.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the eggblogpassword parameter in a cookie.
05-09-2008 - 17:34 08-01-2008 - 19:46
CVE-2008-0139 6.8
Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog 0.8.0 and earlier allows remote attackers to execute arbitrary PHP code via the template parameter.
05-09-2008 - 17:34 08-01-2008 - 14:46
CVE-2006-6577 6.8
SQL injection vulnerability in polls.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
05-09-2008 - 17:15 15-12-2006 - 14:28
CVE-2006-6289 6.8
Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands vi
05-09-2008 - 17:14 05-12-2006 - 06:28
CVE-2006-3577 7.5
SQL injection vulnerability in index.php in LifeType 1.0.5 allows remote attackers to execute arbitrary SQL commands via the Date parameter in a Default op.
05-09-2008 - 17:07 13-07-2006 - 06:05
CVE-2006-1653 7.5
PHP remote file inclusion vulnerability in loadkernel.php in AngelineCMS 0.8.1 allows remote attackers to execute arbitrary PHP code via a URL in the installPath parameter.
05-09-2008 - 17:02 06-04-2006 - 06:04
CVE-2005-4711 6.8
SQL injection vulnerability in Neocrome Land Down Under (LDU) 801 allows remote attackers to execute arbitrary SQL commands via an HTTP Referer header. NOTE: the provenance of this information is unknown; the details are obtained solely from third p
05-09-2008 - 16:57 31-12-2005 - 00:00
CVE-2005-3339 7.2
Mantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors.
05-09-2008 - 16:54 27-10-2005 - 06:02
CVE-2005-3338 5.0
Unspecified vulnerability in Mantis before 0.19.3, when using reminders, causes Mantis to display the real email addresses of users.
05-09-2008 - 16:54 27-10-2005 - 06:02
CVE-2005-3337 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0.19.3 allow remote attackers to inject arbitrary web script or HTML via (1) unknown vectors involving Javascript and (2) mantis/view_all_set.php.
05-09-2008 - 16:54 27-10-2005 - 06:02
CVE-2005-3167 4.3
Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not properly remove certain CSS inputs (HTML inline style attributes) that are processed as active content by Internet Explorer, which allows remote attackers to conduct cross-site sc
05-09-2008 - 16:53 06-10-2005 - 06:02
CVE-2005-3166 5.0
Unspecified vulnerability in "edit submission handling" for MediaWiki 1.4.x before 1.4.10 and 1.3.x before 1.3.16 allows remote attackers to cause a denial of service (corruption of the previous submission) via a crafted URL.
05-09-2008 - 16:53 06-10-2005 - 06:02
CVE-2005-3097 5.0
Directory traversal vulnerability in Avi Alkalay contribute.cgi (aka contribute.pl), dated 16 Jun 2002, allows remote attackers to overwrite arbitrary files via ".." sequences in the contribdir variable.
05-09-2008 - 16:53 28-09-2005 - 18:03
CVE-2005-3091 4.3
Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, as identified by bug#0005751 "thraxisp".
05-09-2008 - 16:53 28-09-2005 - 18:03
CVE-2005-3073 5.0
Unspecified vulnerability in Interchange 5.0.1 allows attackers 4.9.3, 5.0 before 5.0.2, and 5.2, when a catalog has been created using the (1) "mike", (2) "standard", or (3) "foundation" demo, allows attackers to inject Interchange Tag Language (ITL
05-09-2008 - 16:53 27-09-2005 - 15:03
CVE-2005-2812 7.5
man2web allows remote attackers to execute arbitrary commands via -P arguments.
05-09-2008 - 16:52 07-09-2005 - 14:03
CVE-2005-2684 7.5
nquser.php in Virtual Edge Netquery 3.11 allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter to a dig query.
05-09-2008 - 16:52 23-08-2005 - 00:00
CVE-2005-2247 10.0
Multiple unknown vulnerabilities in Moodle before 1.5.1 have unknown impact and attack vectors.
05-09-2008 - 16:51 12-07-2005 - 00:00
CVE-2005-2174 2.6
Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access information about the bug via buglist.cgi before MySQL
05-09-2008 - 16:51 08-07-2005 - 00:00
CVE-2005-2173 5.0
The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to 2.18.1 and 2.19.1 to 2.19.3 do not verify that the flag ID is appropriate for the given bug or attachment ID, which allows users to change flags on arbitrary bugs and obtain a bug su
05-09-2008 - 16:51 08-07-2005 - 00:00
CVE-2005-2152 7.5
SQL injection vulnerability in Geeklog before 1.3.11 allows remote attackers to execute arbitrary SQL commands via user comments for an article.
05-09-2008 - 16:51 06-07-2005 - 00:00
CVE-2005-1959 7.5
jammail.pl in jamchen JamMail 1.8 allows remote attackers to execute arbitrary commands via shell metacharacters in the mail parameter.
05-09-2008 - 16:50 12-06-2005 - 00:00
CVE-2005-1897 10.0
Unknown vulnerability in FlexCast Audio Video Streaming Server before 2.0 has unknown impact and attack vectors.
05-09-2008 - 16:50 09-06-2005 - 00:00
CVE-2005-1779 7.5
SQL injection vulnerability in password.asp in MaxWebPortal 1.35, 1.36, 2.0, and 20050418 Next allows remote attackers to execute arbitrary SQL commands via the memKey parameter.
05-09-2008 - 16:50 31-05-2005 - 00:00
CVE-2005-1674 7.5
Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live allows remote attackers to perform actions as the administrator via a link or IMG tag to view.php.
05-09-2008 - 16:49 19-05-2005 - 00:00
CVE-2005-1673 7.5
Multiple SQL injection vulnerabilities in Help Center Live allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to index.php, (2) tid parameter to view.php, fid parameter to (3) download.php or (4) chat_download.php, (5)
05-09-2008 - 16:49 19-05-2005 - 00:00
CVE-2005-1672 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Help Center Live allow remote attackers to inject arbitrary web script or HTML via the (1) find parameter to index.php, (2) name or (3) message field of a chat request, or (4) the message body wh
05-09-2008 - 16:49 19-05-2005 - 00:00
CVE-2005-1659 4.3
Cross-site scripting (XSS) vulnerability in filemanager.cpp in MyServer 0.8 allows remote attackers to inject arbitrary Javascript via a URL with a "..." (triple dot) followed by an onmouseover event.
05-09-2008 - 16:49 18-05-2005 - 00:00
CVE-2005-1658 5.0
Directory traversal vulnerability in filemanager.cpp in MyServer 0.8 allows remote attackers to list the parent directory of the web root via a URL with a "..." (triple dot).
05-09-2008 - 16:49 18-05-2005 - 00:00
CVE-2005-1654 7.5
Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers to register arbitrary users via a direct request to addsubsite.asp with the loginname and password parameters set.
05-09-2008 - 16:49 18-05-2005 - 00:00
CVE-2005-1595 5.0
CodeThat ShoppingCart 1.3.1 stores config.ini under the web root, which allows remote attackers to obtain sensitive information via a direct request.
05-09-2008 - 16:49 16-05-2005 - 00:00
CVE-2005-1594 7.5
SQL injection vulnerability in catalog.php for CodeThat ShoppingCart 1.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
05-09-2008 - 16:49 16-05-2005 - 00:00
CVE-2005-1593 6.8
Cross-site scripting (XSS) vulnerability in catalog.php for CodeThat ShoppingCart 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
05-09-2008 - 16:49 16-05-2005 - 00:00
CVE-2005-1580 7.5
users.ini.php in BoastMachine 3.0 does not properly restrict the types of files that can be uploaded, which allows remote attackers to execute arbitrary code.
05-09-2008 - 16:49 11-05-2005 - 00:00
CVE-2005-1417 7.5
Multiple SQL injection vulnerabilities in MaxWebPortal 2.x, 1.35, and other versions allow remote attackers to execute arbitrary SQL commands via (1) article_popular.asp, (2) arguments to dl_popular.asp, (3) arguments to links_popular.asp, (4) argume
05-09-2008 - 16:49 03-05-2005 - 00:00
CVE-2005-1310 7.5
SQL injection vulnerability in bBlog 0.7.4 allows remote attackers to execute arbitrary SQL commands via the postid parameter.
05-09-2008 - 16:48 23-04-2005 - 00:00
CVE-2005-1309 4.3
Cross-site scripting (XSS) vulnerability in bBlog 0.7.4 allows remote attackers to inject arbitrary web script or HTML via the (1) entry title field or (2) comment body text.
05-09-2008 - 16:48 02-05-2005 - 00:00
CVE-2005-1250 7.5
SQL injection vulnerability in the logon screen of the web front end (NmConsole/Login.asp) for IpSwitch WhatsUp Professional 2005 SP1 allows remote attackers to execute arbitrary SQL commands via the (1) User Name field (sUserName parameter) or (2) P
05-09-2008 - 16:48 22-06-2005 - 00:00
CVE-2005-1129 2.1
eGroupWare 1.0.6 and earlier, when an e-mail is composed with an attachment but not sent, will send that attachment in the next e-mail, which may cause sensitive information to be sent to the wrong recipient.
05-09-2008 - 16:48 02-05-2005 - 00:00
CVE-2005-1016 4.3
Cross-site scripting (XSS) vulnerability in links_add_form.asp for MaxWebPortal 1.33 and earlier allows remote attackers to inject arbitrary web script or HTML via a Javascript URL in a banner URL.
05-09-2008 - 16:47 02-05-2005 - 00:00
CVE-2005-0858 7.5
Multiple SQL injection vulnerabilities in CoolForum 0.8 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to entete.php or (2) the login parameter to register.php.
05-09-2008 - 16:47 02-05-2005 - 00:00
CVE-2005-0857 4.3
Cross-site scripting (XSS) vulnerability in avatar.php for CoolForum 0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the img parameter.
05-09-2008 - 16:47 02-05-2005 - 00:00
CVE-2005-0512 7.5
PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code, a different v
05-09-2008 - 16:46 21-02-2005 - 00:00
CVE-2005-0438 5.0
awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain sensitive information by setting the debug parameter.
05-09-2008 - 16:46 02-05-2005 - 00:00
CVE-2005-0437 7.5
Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via .. (dot dot) sequences in the loadplugin parameter.
05-09-2008 - 16:46 02-05-2005 - 00:00
CVE-2005-0436 7.5
Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to execute portions of Perl code via the PluginMode parameter.
05-09-2008 - 16:46 02-05-2005 - 00:00
CVE-2005-0116 7.5
AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to awstats.pl.
05-09-2008 - 16:45 18-01-2005 - 00:00
CVE-2004-2732 4.3
nbmember.cgi in Netbilling 2.0 allows remote attackers to obtain sensitive information via the cmd=test option, which can be leveraged to determine the access key.
05-09-2008 - 16:44 31-12-2004 - 00:00
CVE-2004-2602 6.8
PHP remote file inclusion vulnerability in UberTec Help Center Live (HCL) before 1.2.7 allows remote attackers to execute arbitrary PHP code via a URL in the HCL_path parameter to pipe.php.
05-09-2008 - 16:44 31-12-2004 - 00:00
CVE-2004-2500 10.0
Unknown vulnerability in IlohaMail before 0.8.14-rc1 has unknown impact and attack vectors.
05-09-2008 - 16:44 31-12-2004 - 00:00
CVE-2004-2456 7.5
SQL injection vulnerability in index.php in miniBB 1.7f and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a userinfo action.
05-09-2008 - 16:44 31-12-2004 - 00:00
CVE-2004-2308 4.3
Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the dir parameter in dohtaccess.html.
05-09-2008 - 16:43 31-12-2004 - 00:00
CVE-2004-2275 10.0
i-mall.cgi in I-Mall Commerce allows remote attackers to execute arbitrary commands via shell metacharacters in the p parameter.
05-09-2008 - 16:43 31-12-2004 - 00:00
CVE-2004-2209 7.5
SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
05-09-2008 - 16:43 31-12-2004 - 00:00
CVE-2004-2208 5.0
CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to conduct HTTP response splitting attacks via unknown vectors.
05-09-2008 - 16:43 31-12-2004 - 00:00
CVE-2004-2207 4.3
Cross-site scripting (XSS) vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
05-09-2008 - 16:43 31-12-2004 - 00:00
CVE-2004-2202 7.5
Multiple SQL injection vulnerabilities in DUware DUclassified 4.0 through 4.2 allow remote attackers to bypass authentication and execute other commands on the server's underlying database via the (1) cat_id or (2) sub_id parameters in adDetail.asp,
05-09-2008 - 16:43 31-12-2004 - 00:00
CVE-2004-2201 7.5
SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to execute arbitrary SQL commands via the (1) FOR_ID parameter in messages.asp, (2) MSG_ID parameter in messageDetail.asp, or (3) password parameter in the login form.
05-09-2008 - 16:43 31-12-2004 - 00:00
CVE-2004-2200 4.3
Cross-site scripting (XSS) vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to inject arbitrary web script or HTML via the message text.
05-09-2008 - 16:43 31-12-2004 - 00:00
CVE-2004-2199 4.3
Cross-site scripting (XSS) vulnerability in DUware DUclassified 4.0 allows remote attackers to inject arbitrary web script or HTML via the message text.
05-09-2008 - 16:43 31-12-2004 - 00:00
CVE-2004-2198 6.4
account.asp in DUware DUclassmate 1.0 through 1.1 allows remote attackers to change the passwords for arbitrary users by modifying the MM_recordId parameter on the "My Account" page.
05-09-2008 - 16:43 31-12-2004 - 00:00
CVE-2004-2187 5.0
Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to "filename validation," has unknown impact and attack vectors.
05-09-2008 - 16:43 31-12-2004 - 00:00
CVE-2004-2186 7.5
SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers to execute arbitrary SQL commands via SpecialMaintenance.
05-09-2008 - 16:43 31-12-2004 - 00:00
CVE-2004-2185 6.8
Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via (1) the UnicodeConverter extension, (2) raw page views, (3) SpecialIpblocklist, (4) SpecialEmailuser, (5
05-09-2008 - 16:43 31-12-2004 - 00:00
CVE-2004-2178 7.5
SQL injection vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
05-09-2008 - 16:43 31-12-2004 - 00:00
CVE-2004-2177 4.3
Cross-site scripting (XSS) vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
05-09-2008 - 16:43 31-12-2004 - 00:00
CVE-2004-2152 4.3
Cross-site scripting (XSS) vulnerability in 'raw' page output mode for MediaWiki 1.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML.
05-09-2008 - 16:43 31-12-2004 - 00:00
CVE-2004-1796 7.5
PHP remote file inclusion vulnerability in HotNews 0.7.2 and earlier allows remote attackers to execute arbitrary PHP code via the (1) config[header] parameter to hotnews-engine.inc.php3 or (2) config[incdir] parameter to hnmain.inc.php3.
05-09-2008 - 16:42 31-12-2004 - 00:00
CVE-2004-1757 4.6
BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the administrator password in cleartext in config.xml, which allows local users to gain privileges.
05-09-2008 - 16:42 31-12-2004 - 00:00
CVE-2004-1318 4.3
Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu 2.0.13 and earlier allows remote attackers to inject arbitrary HTML and web script via a query that starts with a tab ("%09") character, which prevents the rest of the query from being
05-09-2008 - 16:40 06-01-2005 - 00:00
CVE-2004-0301 6.8
Cross-site scripting (XSS) vulnerability in more.php for Online Store Kit 3.0 allows remote attackers to inject arbitrary HTML via the id parameter.
05-09-2008 - 16:38 23-11-2004 - 00:00
CVE-2003-1535 5.0
Justice Guestbook 1.3 allows remote attackers to obtain the full installation path via a direct request to cfooter.php3, which leaks the path in an error message.
05-09-2008 - 16:37 31-12-2003 - 00:00
CVE-2003-1534 4.3
Cross-site scripting (XSS) vulnerability in jgb.php3 in Justice Guestbook 1.3 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) homepage, (3) aim, (4) yim, (5) location, and (6) comment variables.
05-09-2008 - 16:37 31-12-2003 - 00:00
CVE-2003-0603 2.1
Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier versions allows local users to overwrite arbitrary files via a symlink attack on temporary files that are created in directories with group-writable or world-writable permissions.
05-09-2008 - 16:34 27-08-2003 - 00:00
CVE-2003-0602 6.8
Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x before 2.16.3 and 2.17.x before 2.17.4 allow remote attackers to insert arbitrary HTML or web script via (1) multiple default German and Russian HTML templates or (2) ALT and NAME
05-09-2008 - 16:34 27-08-2003 - 00:00
CVE-2003-0155 5.0
bonsai Mozilla CVS query tool allows remote attackers to gain access to the parameters page without authentication.
05-09-2008 - 16:33 02-04-2003 - 00:00
CVE-2003-0152 7.5
Unknown vulnerability in bonsai Mozilla CVS query tool allows remote attackers to execute arbitrary commands as the www-data user.
05-09-2008 - 16:33 02-04-2003 - 00:00
CVE-2002-1711 2.1
BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX directory, which allows local users to read other users' attachments.
05-09-2008 - 16:31 31-12-2002 - 00:00
CVE-2002-1709 6.4
SQL injection vulnerability in BasiliX Webmail 1.10 allows remote attackers to obtain sensitive information or possibly modify data via the id variable.
05-09-2008 - 16:31 31-12-2002 - 00:00
CVE-2002-1582 10.0
compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail as the Mail Transfer Agent, allows remote attackers to execute arbitrary commands via shell metacharacters in the RealEmail configuration variable, which is used to call Sendmail in
05-09-2008 - 16:30 06-12-2004 - 00:00
CVE-2002-1528 5.0
MsmMask.exe in MondoSearch 4.4 allows remote attackers to obtain the source code of scripts via the mask parameter.
05-09-2008 - 16:30 02-04-2003 - 00:00
CVE-2002-1484 7.5
DB4Web server, when configured to use verbose debug messages, allows remote attackers to use DB4Web as a proxy and attempt TCP connections to other systems (port scan) via a request for a URL that specifies the target IP address and port, which produ
05-09-2008 - 16:30 22-04-2003 - 00:00
CVE-2002-1483 5.0
db4web_c and db4web_c.exe programs in DB4Web 3.4 and 3.6 allow remote attackers to read arbitrary files via an HTTP request whose argument is a filename of the form (1) C: (drive letter), (2) //absolute/path (double-slash), or (3) .. (dot-dot).
05-09-2008 - 16:30 22-04-2003 - 00:00
CVE-2002-1434 6.8
Multiple cross-site scripting (XSS) vulnerabilities in the Web mail module of Kerio MailServer 5.0 allow remote attackers to execute HTML script as other users via certain URLs.
05-09-2008 - 16:30 11-04-2003 - 00:00
CVE-2002-0576 5.0
ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message.
05-09-2008 - 16:28 18-06-2002 - 00:00
CVE-2002-0495 10.0
csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi.
05-09-2008 - 16:28 12-08-2002 - 00:00
CVE-2001-1544 5.0
Directory traversal vulnerability in Macromedia JRun Web Server (JWS) 2.3.3, 3.0 and 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP GET request.
05-09-2008 - 16:26 31-12-2001 - 00:00
CVE-2001-1510 5.0
Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to t
05-09-2008 - 16:26 31-12-2001 - 00:00
CVE-2001-1150 5.0
Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers to read arbitrary files.
05-09-2008 - 16:25 22-08-2001 - 00:00
CVE-2001-1114 7.5
book.cgi in NetCode NC Book 0.2b allows remote attackers to execute arbitrary commands via shell metacharacters in the "current" parameter.
05-09-2008 - 16:25 13-08-2001 - 00:00
CVE-2001-0997 7.5
Textor Webmasters Ltd listrec.pl CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the TEMPLATE parameter.
05-09-2008 - 16:25 11-09-2001 - 00:00
CVE-2001-0561 7.5
Directory traversal vulnerability in Drummond Miles A1Stats prior to 1.6 allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in (1) a1disp2.cgi, (2) a1disp3.cgi, or (3) a1disp4.cgi.
05-09-2008 - 16:24 14-08-2001 - 00:00
CVE-2001-0484 6.4
Tektronix PhaserLink 850 does not require authentication for access to configuration pages such as _ncl_subjects.shtml and _ncl_items.shtml, which allows remote attackers to modify configuration information and cause a denial of service by accessing
05-09-2008 - 16:24 27-06-2001 - 00:00
CVE-2001-0437 5.0
upload_file.pl in DCForum 2000 1.0 allows remote attackers to upload arbitrary files without authentication by setting the az parameter to upload_file.
05-09-2008 - 16:24 02-07-2001 - 00:00
CVE-2001-0436 7.5
dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute arbitrary commands by uploading a Perl program to the server and using a .. (dot dot) in the AZ parameter to reference the program.
05-09-2008 - 16:24 02-07-2001 - 00:00
CVE-2001-0200 5.0
HSWeb 2.0 HTTP server allows remote attackers to obtain the physical path of the server via a request to the /cgi/ directory, which will list the path if directory browsing is enabled.
05-09-2008 - 16:23 03-05-2001 - 00:00
CVE-2001-0025 10.0
ad.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter.
05-09-2008 - 16:23 12-02-2001 - 00:00
CVE-2000-1161 7.5
The installation of AdCycle banner management system leaves the build.cgi program in a web-accessible directory, which allows remote attackers to execute the program and view passwords or delete databases.
05-09-2008 - 16:22 09-01-2001 - 00:00
CVE-2000-1016 5.0
The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packag
05-09-2008 - 16:22 11-12-2000 - 00:00
CVE-2000-0782 5.0
netauth.cgi program in Netwin Netauth 4.2e and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.
05-09-2008 - 16:21 20-10-2000 - 00:00
CVE-2000-0682 5.0
BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the FileServlet.
05-09-2008 - 16:21 20-10-2000 - 00:00
CVE-2000-0674 5.0
ftp.pl CGI program for Virtual Visions FTP browser allows remote attackers to read directories outside of the document root via a .. (dot dot) attack.
05-09-2008 - 16:21 12-07-2000 - 00:00
CVE-2000-0540 5.0
JSP sample files in Allaire JRun 2.3.x allow remote attackers to access arbitrary files (e.g. via viewsource.jsp) or obtain configuration information.
05-09-2008 - 16:21 22-06-2000 - 00:00
CVE-1999-1178 5.0
Sambar Server 4.1 beta allows remote attackers to obtain sensitive information about the server via an HTTP request for the dumpenv.pl script.
05-09-2008 - 16:18 10-06-1998 - 00:00
CVE-1999-1070 5.0
Buffer overflow in ping CGI program in Xylogics Annex terminal service allows remote attackers to cause a denial of service via a long query parameter.
05-09-2008 - 16:18 25-07-1998 - 00:00
CVE-1999-1069 5.0
Directory traversal vulnerability in carbo.dll in iCat Carbo Server 3.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the icatcommand parameter.
05-09-2008 - 16:18 08-11-1997 - 00:00
CVE-1999-1053 7.5
guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allo
05-09-2008 - 16:18 13-09-1999 - 00:00
CVE-2008-3320 7.5
admin/index.php in Maian Guestbook 3.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary gbook_cookie cookie.
05-09-2008 - 00:00 25-07-2008 - 12:41
CVE-2008-1505 7.5
PHP remote file inclusion vulnerability in the SSTREAMTV custompages (com_custompages) 1.1 and earlier component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the cpage parameter to index.php.
05-09-2008 - 00:00 25-03-2008 - 15:44
CVE-2007-5812 5.0
Directory traversal vulnerability in modules/Builder/DownloadModule.php in ModuleBuilder 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
05-09-2008 - 00:00 05-11-2007 - 12:46
CVE-1999-0452 10.0
A service or application has a backdoor password that was placed there by the developer.
20-10-2005 - 00:00 01-01-1999 - 00:00