| Max CVSS | 9.3 | Min CVSS | 1.2 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2010-1581 | 7.8 |
Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3
|
11-08-2023 - 19:03 | 09-08-2010 - 11:58 | |
| CVE-2007-0099 | 9.3 |
Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in
|
16-10-2018 - 16:31 | 08-01-2007 - 20:28 | |
| CVE-2007-0132 | 7.5 |
SQL injection vulnerability in compare_product.php in iGeneric iG Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
16-10-2018 - 16:31 | 09-01-2007 - 11:28 | |
| CVE-2007-0130 | 7.5 |
SQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
16-10-2018 - 16:31 | 09-01-2007 - 11:28 | |
| CVE-2007-0134 | 7.5 |
Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php. NOTE: a later report and CVE anal
|
16-10-2018 - 16:31 | 09-01-2007 - 11:28 | |
| CVE-2007-0051 | 6.8 |
Format string vulnerability in Apple iPhoto 6.0.5 (316), and other versions before 6.0.6, allows remote user-assisted attackers to execute arbitrary code via a crafted photocast with format string specifiers in the title of an RSS iPhoto feed.
|
16-10-2018 - 16:30 | 04-01-2007 - 18:28 | |
| CVE-2007-0029 | 9.3 |
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability."
|
16-10-2018 - 16:30 | 09-01-2007 - 23:28 | |
| CVE-2006-1311 | 9.3 |
The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute ar
|
12-10-2018 - 21:39 | 13-02-2007 - 20:28 | |
| CVE-2017-1548 | 5.0 |
IBM Sterling File Gateway 2.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 131
|
20-12-2017 - 20:28 | 11-12-2017 - 21:29 | |
| CVE-2017-1497 | 4.3 |
IBM Sterling File Gateway 2.2 could allow an unauthorized user to view files they should not have access to providing they know the directory location of the file. IBM X-Force ID: 128695.
|
18-12-2017 - 13:28 | 07-12-2017 - 15:29 | |
| CVE-2001-0141 | 1.2 |
mgetty 1.1.22 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
|
10-10-2017 - 01:29 | 12-03-2001 - 05:00 | |
| CVE-2015-0402 | 4.3 |
Unspecified vulnerability in the Siebel Core - Server BizLogic Script component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via vectors related to Integration - COM.
|
08-09-2017 - 01:29 | 21-01-2015 - 18:59 | |
| CVE-2008-5645 | 7.8 |
Directory traversal vulnerability in the media server in Orb Networks Orb before 2.01.0022 allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP GET request.
|
08-08-2017 - 01:33 | 17-12-2008 - 18:30 | |
| CVE-2007-0131 | 7.5 |
JAMWiki before 0.5.0 does not properly check permissions during moves of "read-only or admin-only topics," which allows remote attackers to make unauthorized changes to the wiki.
|
29-07-2017 - 01:29 | 09-01-2007 - 11:28 | |
| CVE-2006-4579 | 5.0 |
Directory traversal vulnerability in users.php in The Address Book 1.04e allows remote attackers to include arbitrary files via a .. (dot dot) in the language parameter.
|
20-07-2017 - 01:33 | 31-12-2006 - 05:00 | |
| CVE-2006-4576 | 6.8 |
Cross-site scripting (XSS) vulnerability in The Address Book 1.04e allows remote attackers to inject arbitrary web script or HTML by uploading the HTML file with a GIF or JPG extension, which is rendered by Internet Explorer.
|
20-07-2017 - 01:33 | 31-12-2006 - 05:00 | |
| CVE-2006-4581 | 5.0 |
Unrestricted file upload vulnerability in The Address Book 1.04e validates the Content-Type header but not the file extension, which allows remote attackers to upload arbitrary PHP scripts.
|
20-07-2017 - 01:33 | 31-12-2006 - 05:00 | |
| CVE-2006-4578 | 7.5 |
export.php in The Address Book 1.04e writes username and password hash information into a publicly accessible file when dumping the MySQL database contents, which allows remote attackers to obtain sensitive information.
|
20-07-2017 - 01:33 | 31-12-2006 - 05:00 | |
| CVE-2006-4575 | 7.5 |
Multiple SQL injection vulnerabilities in The Address Book 1.04e allow remote attackers to execute arbitrary SQL commands via the (1) lastname, (2) firstname, (3) passwordOld, (4) passwordNew, (5) id, (6) language, (7) defaultLetter, (8) newuserPass,
|
20-07-2017 - 01:33 | 31-12-2006 - 05:00 | |
| CVE-2006-4577 | 6.8 |
Multiple cross-site scripting (XSS) vulnerabilities in The Address Book 1.04e allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) email, (2) websites, and (3) groupAddName parameters in (a) save.php; the (4)
|
20-07-2017 - 01:33 | 31-12-2006 - 05:00 | |
| CVE-2006-4580 | 7.5 |
register.php in The Address Book 1.04e allows remote attackers to bypass the "Allow User Self-Registration" setting and create arbitrary users by setting the mode parameter to "confirm".
|
20-07-2017 - 01:33 | 31-12-2006 - 05:00 |