Max CVSS 10.0 Min CVSS 2.1 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2017-14956 3.5
AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizard_email.php" script. Besides offering an export via a local download, the script also offers the possibility to
13-05-2019 - 17:16 18-10-2017 - 18:29
CVE-2012-0013 9.3
Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to e
26-02-2019 - 14:04 10-01-2012 - 21:55
CVE-2006-6255 7.5
Direct static code injection vulnerability in util.php in the NukeAI 0.0.3 Beta module for PHP-Nuke, aka Program E is an AIML chatterbot, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension in the fil
19-10-2017 - 01:29 04-12-2006 - 11:28
CVE-2006-6202 7.5
PHP remote file inclusion vulnerability in modules/NukeAI/util.php in the NukeAI 0.0.3 Beta module for PHP-Nuke, aka Program E is an AIML chatterbot, allows remote attackers to execute arbitrary PHP code via a URL in the AIbasedir parameter.
19-10-2017 - 01:29 01-12-2006 - 01:28
CVE-2000-0505 5.0
The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
10-10-2017 - 01:29 31-05-2000 - 04:00
CVE-2008-6467 7.5
SQL injection vulnerability in jobs/jobseekers/job-info.php in Diesel Job Site allows remote attackers to execute arbitrary SQL commands via the job_id parameter.
29-09-2017 - 01:33 13-03-2009 - 10:30
CVE-2016-4431 5.0
Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method.
09-08-2017 - 01:29 04-07-2016 - 22:59
CVE-2005-0863 4.3
Cross-site scripting (XSS) vulnerability in PHPOpenChat v3.x allows remote attackers to inject arbitrary web script or HTML via (1) the chatter parameter to regulars.php or (2) the chatter, chatter1, chatter2, chatter3, or chatter4 parameters to regi
11-07-2017 - 01:32 02-05-2005 - 04:00
CVE-2005-0838 7.5
Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow attackers to cause a denial of service and possibly execute arbitrary code via (1) a long test value in an xsl:when tag, (2) a long test value in an xsl:if tag, or (3) a long sele
11-07-2017 - 01:32 02-05-2005 - 04:00
CVE-2005-0837 5.0
IceCast 2.20 allows remote attackers to bypass the XSL parser and obtain the source for XSL files via a request for a .xsl file with a trailing . (dot).
11-07-2017 - 01:32 02-05-2005 - 04:00
CVE-2005-0828 5.0
highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter, as demonstrate
11-07-2017 - 01:32 02-05-2005 - 04:00
CVE-2005-0807 7.5
Multiple buffer overflows in Cain & Abel before 2.67 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via (1) an IKE packet with a large ID field that is not properly handled by the PSK sniff
11-07-2017 - 01:32 02-05-2005 - 04:00
CVE-2004-1567 7.5
profile.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers to gain privileges by setting the mail parameter to 1, which is the value for an administrator.
11-07-2017 - 01:31 31-12-2004 - 05:00
CVE-2004-1566 4.3
Cross-site scripting (XSS) vulnerability in index.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers to execute arbitrary web script or HTML via the module parameter.
11-07-2017 - 01:31 31-12-2004 - 05:00
CVE-2014-9622 6.8
Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open.
01-07-2017 - 01:29 21-01-2015 - 18:59
CVE-2005-0836 10.0
Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06 allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file.
18-10-2016 - 03:15 02-05-2005 - 04:00
CVE-2005-0835 5.0
The SNMP service in the Belkin 54G (F5D7130) wireless router allows remote attackers to cause a denial of service via unknown vectors.
05-09-2008 - 20:47 02-05-2005 - 04:00
CVE-2005-0834 5.0
Belkin 54G (F5D7130) wireless router enables SNMP by default in a manner that allows remote attackers to obtain sensitive information.
05-09-2008 - 20:47 02-05-2005 - 04:00
CVE-2005-0833 7.5
Belkin 54G (F5D7130) wireless router allows remote attackers to access restricted resources by sniffing URIs from UPNP datagrams, then accessing those URIs, which do not require authentication.
05-09-2008 - 20:47 02-05-2005 - 04:00
CVE-2005-0832 4.3
Cross-site scripting (XSS) vulnerability in PHP-Post before 0.33 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
05-09-2008 - 20:47 02-05-2005 - 04:00
CVE-2005-0831 5.0
PHP-Post allows remote attackers to spoof the names of other users by registering with a username containing hex-encoded characters.
05-09-2008 - 20:47 02-05-2005 - 04:00
CVE-2005-0812 5.0
The web interface in NotifyLink 3.0 displays passwords in cleartext on the administrative page, which could allow remote attackers or local users to obtain sensitive information.
05-09-2008 - 20:47 02-05-2005 - 04:00
CVE-2005-0811 4.6
The web interface in NotifyLink 3.0 does not properly restrict access to functions that have been disabled in the GUI, which allows remote authenticated users to bypass intended restrictions via a direct request to certain URLs.
05-09-2008 - 20:47 02-05-2005 - 04:00
CVE-2005-0810 7.5
SQL injection vulnerability in NotifyLink before 3.0 allows remote attackers to execute arbitrary SQL commands via the URL.
05-09-2008 - 20:47 02-05-2005 - 04:00
CVE-2005-0809 7.5
NotifyLink, when configured for client key retrieval, allows remote attackers to obtain AES keys via a direct request to /hwp/get.asp, then uses a weak encryption scheme (fixed byte reordering) to protect the key, which allows remote attackers to obt
05-09-2008 - 20:47 02-05-2005 - 04:00
CVE-2005-0515 2.1
Smc.exe in My Firewall Plus 5.0 build 1117, and possibly other versions, does not drop privileges before launching the Log Viewer export functionality, which allows local users to corrupt arbitrary files by saving log files.
05-09-2008 - 20:46 18-05-2005 - 04:00
Back to Top Mark selected
Back to Top