Max CVSS 10.0 Min CVSS 2.6 Total Count 2
ID CVSS Summary Last (major) update Published
CVE-2015-7577 5.0
activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement a certain destroy o
08-08-2019 - 15:43 16-02-2016 - 02:59
CVE-2000-0884 7.5
IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.
30-10-2018 - 16:25 19-12-2000 - 05:00
CVE-2006-2526 6.4
PHP remote file inclusion vulnerability in index.php in PHP Easy Galerie 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter.
18-10-2018 - 16:40 22-05-2006 - 22:02
CVE-2006-2548 7.5
Prodder before 0.5, and perlpodder before 0.5, allows remote attackers to execute arbitrary code via shell metacharacters in the URL of a podcast (url attribute of an enclosure tag, or $enc_url variable), which is executed when running wget.
18-10-2018 - 16:40 23-05-2006 - 10:06
CVE-2006-2518 2.6
Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows remote attackers to inject arbitrary web script or HTML via the BL[be_cnt_plainhtml] parameter to include/inc_tmpl/content/cnt6.inc.php.
18-10-2018 - 16:40 22-05-2006 - 22:02
CVE-2006-2520 5.0
Directory traversal vulnerability in BitZipper 4.1.2 SR-1 and earlier allows remote attackers to create files in arbitrary directories via a .. (dot dot) in the filename of a file that is stored in a (1) RAR (.rar), (2) TAR (.tar), (3) ZIP (.zip), (
18-10-2018 - 16:40 22-05-2006 - 22:02
CVE-2006-2516 5.1
mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is enabled, allows remote attackers to overwrite variables such as $xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] t
18-10-2018 - 16:40 22-05-2006 - 22:02
CVE-2006-2519 2.6
Directory traversal vulnerability in include/inc_ext/spaw/spaw_control.class.php in phpwcms 1.2.5-DEV allows remote attackers to include arbitrary local files via .. (dot dot) sequences in the spaw_root parameter. NOTE: CVE analysis suggests that th
18-10-2018 - 16:40 22-05-2006 - 22:02
CVE-2006-2550 5.1
perlpodder before 0.5 allows remote attackers to execute arbitrary code via shell metacharacters in the URL of a podcast, which are executed when saving the URL to a log file. NOTE: the wget vector is already covered by CVE-2006-2548.
18-10-2018 - 16:40 23-05-2006 - 10:06
CVE-2006-2391 7.5
Buffer overflow in EMC Retrospect Client 5.1 through 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet to port 497. Failed exploit attempts will likely crash the application, den
18-10-2018 - 16:39 16-05-2006 - 01:02
CVE-2006-6421 6.0
Cross-site scripting (XSS) vulnerability in the private message box implementation (privmsg.php) in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the "Message body" field in a message to a non-existent user.
17-10-2018 - 21:48 10-12-2006 - 11:28
CVE-2006-4758 4.6
phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00. Succ
17-10-2018 - 21:39 13-09-2006 - 23:07
CVE-2008-4625 7.5
SQL injection vulnerability in stnl_iframe.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the newsletter parameter, a different vector than CVE-2008-0683.
29-09-2017 - 01:32 21-10-2008 - 01:18
CVE-2016-6232 5.0
Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads.
28-11-2016 - 20:31 02-08-2016 - 16:59
CVE-2006-6839 10.0
Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets."
05-09-2008 - 21:15 31-12-2006 - 05:00
CVE-2006-6840 10.0
Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a "negative start parameter."
05-09-2008 - 21:15 31-12-2006 - 05:00
CVE-2006-6841 10.0
Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors.
05-09-2008 - 21:15 31-12-2006 - 05:00