Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2018-1417 | 6.8 |
Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows untrusted code running under a security manager to elevate its privileges. IBM X-Force ID: 138823.
|
03-10-2019 - 00:03 | 22-02-2018 - 19:29 | |
CVE-2008-4915 | 6.9 |
The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and 5.5.8 and earlier; Player 2.0.x through 2.0.5 and 1.0.x through 1.0.8; ACE 2.0.x through 2.0.5 and earlier, and 1.0.x through 1.0.7; Server 1.0.x through 1.0.7; ESX 2.5.4 through
|
02-11-2018 - 13:43 | 10-11-2008 - 14:12 | |
CVE-2007-1848 | 4.3 |
Cross-site scripting (XSS) vulnerability in admin/classes/ui.dta.php in Drake CMS allows remote attackers to inject arbitrary web script or HTML via the desc[][title] field. NOTE: Drake CMS has only a beta version available, and the vendor has previ
|
16-10-2018 - 16:40 | 03-04-2007 - 16:19 | |
CVE-2008-5648 | 7.5 |
SQL injection vulnerability in admin/login.php in DeltaScripts PHP Shop 1.0 allows remote attackers to execute arbitrary SQL commands via the admin_username parameter. NOTE: some of these details are obtained from third party information.
|
19-10-2017 - 01:30 | 17-12-2008 - 18:30 | |
CVE-2005-1155 | 7.5 |
The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a <LINK rel="icon"> tag with a javascript: URL in the href attribute, aka "Firelinking."
|
11-10-2017 - 01:30 | 02-05-2005 - 04:00 | |
CVE-2008-6349 | 7.5 |
SQL injection vulnerability in survey_results_text.php in TurnkeyForms Business Survey Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
29-09-2017 - 01:33 | 02-03-2009 - 16:30 | |
CVE-2008-6720 | 7.5 |
SQL injection vulnerability in admin/adm_login.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the admin_username parameter (aka the admin field).
|
29-09-2017 - 01:33 | 13-04-2009 - 15:30 | |
CVE-2008-6719 | 7.5 |
U&M Software Event Lister (aka JustListIt) 1.0 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) start.php, (2) aktivitet.ph
|
29-09-2017 - 01:33 | 13-04-2009 - 15:30 | |
CVE-2008-6717 | 7.5 |
U&M Software Signup 1.0 and 1.1 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) adminstart.php, (2) admineventtype.php, (3
|
29-09-2017 - 01:33 | 13-04-2009 - 15:30 | |
CVE-2008-6718 | 7.5 |
U&M Software JustBookIt 1.0 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) user_manual.php, (2) user_config.php, (3) user
|
29-09-2017 - 01:33 | 13-04-2009 - 15:30 | |
CVE-2008-5046 | 7.5 |
SQL injection vulnerability in index.php in Mole Group Pizza Script allows remote attackers to execute arbitrary SQL commands via the manufacturers_id parameter.
|
29-09-2017 - 01:32 | 13-11-2008 - 02:30 | |
CVE-2008-5805 | 7.5 |
SQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the siteid parameter, a different vector than CVE-2006-5828.
|
29-09-2017 - 01:32 | 31-12-2008 - 11:30 | |
CVE-2008-5806 | 7.5 |
SQL injection vulnerability in login.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the admin_username parameter (aka admin field). NOTE: some of these details are obtained from thir
|
29-09-2017 - 01:32 | 31-12-2008 - 11:30 | |
CVE-2013-5970 | 7.1 |
hostd-vmdb in VMware ESXi 4.0 through 5.0 and ESX 4.0 through 4.1 allows remote attackers to cause a denial of service (hostd-vmdb service outage) by modifying management traffic.
|
29-08-2017 - 01:33 | 21-10-2013 - 10:54 | |
CVE-2012-2151 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
29-08-2017 - 01:31 | 14-08-2012 - 22:55 | |
CVE-2008-4414 | 7.2 |
Unspecified vulnerability in the AdvFS showfile command in HP Tru64 UNIX 5.1B-3 and 5.1B-4 allows local users to gain privileges via unspecified vectors.
|
08-08-2017 - 01:32 | 07-11-2008 - 19:35 | |
CVE-2016-4890 | 5.0 |
ZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method for generating cookies, which makes it easier for attackers to obtain sensitive password information by leveraging access to a cookie.
|
13-05-2017 - 01:29 | 14-04-2017 - 18:59 | |
CVE-2015-2335 | 5.0 |
A JSON library in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to obtain the installation path via unknown vectors.
|
03-12-2016 - 03:04 | 18-03-2015 - 14:59 | |
CVE-2008-5230 | 6.8 |
The Temporal Key Integrity Protocol (TKIP) implementation in unspecified Cisco products and other vendors' products, as used in WPA and WPA2 on Wi-Fi networks, has insufficient countermeasures against certain crafted and replayed packets, which makes
|
03-12-2008 - 05:00 | 25-11-2008 - 23:30 | |
CVE-2001-1150 | 5.0 |
Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers to read arbitrary files.
|
05-09-2008 - 20:25 | 22-08-2001 - 04:00 |