| Max CVSS | 7.8 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2006-6464 | 5.0 |
viewcart in Midicart accepts negative numbers in the Qty (quantity) field, which allows remote attackers to obtain a smaller total price for a shopping cart.
|
14-02-2024 - 01:17 | 11-12-2006 - 18:28 | |
| CVE-2006-6463 | 6.5 |
Unrestricted file upload vulnerability in admin/add.php in Midicart allows remote authenticated users to upload arbitrary .php files, and possibly other files, to the images/ directory under the web root.
|
14-02-2024 - 01:17 | 11-12-2006 - 18:28 | |
| CVE-2015-0421 | 6.9 |
Unspecified vulnerability in Oracle Java SE 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the installation process.
|
13-05-2022 - 14:57 | 21-01-2015 - 19:59 | |
| CVE-2016-0266 | 4.3 |
IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
|
31-08-2021 - 15:44 | 08-08-2016 - 01:59 | |
| CVE-2006-6379 | 7.5 |
Buffer overflow in the BrightStor Backup Discovery Service in multiple CA products, including ARCserve Backup r11.5 SP1 and earlier, ARCserve Backup 9.01 up to 11.1, Enterprise Backup 10.5, and CA Server Protection Suite r2, allows remote attackers t
|
09-04-2021 - 18:54 | 10-12-2006 - 19:28 | |
| CVE-2006-2386 | 6.8 |
Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file. If a end user is logged on with administrative user rights, an a
|
18-10-2018 - 16:39 | 13-12-2006 - 01:28 | |
| CVE-2006-6459 | 6.8 |
Cross-site scripting (XSS) vulnerability in toplist.php in PhpBB Toplist 1.3.7 allows remote attackers to inject arbitrary HTML or web script via the (1) Name and (2) Information fields when adding a new site (toplistnew action).
|
17-10-2018 - 21:48 | 11-12-2006 - 17:28 | |
| CVE-2006-6383 | 4.6 |
PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP v
|
17-10-2018 - 21:47 | 10-12-2006 - 20:28 | |
| CVE-2006-5577 | 4.3 |
Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka "TIF Folder Information Disclosure V
|
17-10-2018 - 21:43 | 12-12-2006 - 20:28 | |
| CVE-2006-4702 | 6.8 |
Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file. A
|
17-10-2018 - 21:39 | 13-12-2006 - 01:28 | |
| CVE-2017-16914 | 7.1 |
The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP pa
|
24-08-2018 - 10:29 | 31-01-2018 - 22:29 | |
| CVE-2017-16913 | 7.1 |
The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a spec
|
24-08-2018 - 10:29 | 31-01-2018 - 22:29 | |
| CVE-2017-16912 | 7.1 |
The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet.
|
24-08-2018 - 10:29 | 31-01-2018 - 22:29 | |
| CVE-2008-6525 | 7.5 |
SQL injection vulnerability in the Admin Panel in Nice PHP FAQ Script (Knowledge base Script) allows remote attackers to execute arbitrary SQL commands via the Password parameter (aka the pass field).
|
29-09-2017 - 01:33 | 25-03-2009 - 18:30 | |
| CVE-2006-6305 | 7.5 |
Unspecified vulnerability in Net-SNMP 5.3 before 5.3.0.1, when configured using the rocommunity or rouser snmpd.conf tokens, causes Net-SNMP to grant write access to users or communities that only have read-only access.
|
29-07-2017 - 01:29 | 06-12-2006 - 22:28 | |
| CVE-2005-0268 | 7.5 |
Direct code injection vulnerability in FlatNuke 2.5.1 allows remote attackers to execute arbitrary PHP code by placing the code into the url_avatar field.
|
11-07-2017 - 01:32 | 03-01-2005 - 05:00 | |
| CVE-2005-0267 | 7.5 |
index.php in FlatNuke 2.5.1 allows remote attackers to create an administrator account via carriage returns and #10 in the url_avatar field, which is interpreted as a sensitive directive.
|
11-07-2017 - 01:32 | 02-05-2005 - 04:00 | |
| CVE-2006-6458 | 7.8 |
The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Internet Security 2006, Office Scan 7.3, and Server Protect 5.58, allows remote attackers to cause a denial of service (CPU con
|
08-03-2011 - 02:46 | 11-12-2006 - 17:28 | |
| CVE-2000-1236 | 7.5 |
SQL injection vulnerability in mod_sql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the query string of the URL.
|
10-09-2008 - 19:06 | 31-12-2000 - 05:00 | |
| CVE-2000-1235 | 5.0 |
The default configurations of (1) the port listener and (2) modplsql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allow remote attackers to view privileged database information via HTTP requests for Database Access Descriptor (DAD) f
|
05-09-2008 - 20:22 | 31-12-2000 - 05:00 |