Max CVSS | 7.5 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published |
CVE-2007-4230 | 7.5 | BellaBiblio allows remote attackers to gain administrative privileges via a bellabiblio cookie with the value "administrator." NOTE: this issue is disputed by CVE and multiple third parties because the cookie value must be an MD5 hash | 17-05-2024 - 00:35 | 08-08-2007 - 22:17 |
CVE-2012-3503 | 6.5 | The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudFor | 13-02-2024 - 16:44 | 25-08-2012 - 10:29 |
CVE-2018-15473 | 5.0 | OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2- | 23-02-2023 - 23:13 | 17-08-2018 - 19:29 |
CVE-2012-0031 | 4.6 | scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memor | 14-09-2022 - 19:51 | 18-01-2012 - 20:55 |
CVE-2012-0896 | 5.0 | Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter. | 13-07-2020 - 10:51 | 20-01-2012 - 17:55 |
CVE-2012-0895 | 4.3 | Cross-site scripting (XSS) vulnerability in map/map.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map parameter. | 13-07-2020 - 10:51 | 20-01-2012 - 17:55 |
CVE-2010-4407 | 4.3 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlGuest 1.1c-patched allow remote attackers to inject arbitrary web script or HTML via the (1) nome (nickname), (2) messaggio (message), and (3) link (homepage) parameters. | 10-10-2018 - 20:08 | 06-12-2010 - 13:37 |
CVE-2016-10074 | 7.5 | The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mai | 04-11-2017 - 01:29 | 30-12-2016 - 19:59 |
CVE-2012-0389 | 4.3 | Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and earlier, 5.x before 5.53, and 6.x before 6.03 allows remote attackers to inject arbitrary web script or HTML via the Usern | 29-08-2017 - 01:30 | 24-01-2012 - 18:55 |
CVE-2002-1681 | 6.8 | Cross-site scripting (XSS) vulnerability in Slashcode CVS releases June 17 through July 1 2002 allows remote attackers to execute arbitrary script as other users by injecting script into the paragraph <P> tag. | 11-07-2017 - 01:29 | 31-12-2002 - 05:00 |
CVE-2015-3923 | 5.0 | Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full path in the folder parameter to minibrowser.php. | 31-12-2016 - 02:59 | 10-06-2015 - 18:59 |
CVE-2005-3268 | 2.1 | yiff server (yiff-server) 2.14.2 on Debian GNU/Linux runs as root and does not properly verify ownership of files that it opens, which allows local users to read arbitrary files. | 05-09-2008 - 20:53 | 20-10-2005 - 23:02 |