| Max CVSS | 9.3 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2017-16562 | 7.5 |
The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the up_auto_log parameter in the QUERY_STRING to
|
03-10-2019 - 00:03 | 10-11-2017 - 02:29 | |
| CVE-2007-0298 | 6.8 |
PHP remote file inclusion vulnerability in show.php in LunarPoll, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PollDir parameter.
|
16-10-2018 - 16:32 | 17-01-2007 - 11:28 | |
| CVE-2014-0794 | 4.3 |
SQL injection vulnerability in the JV Comment (com_jvcomment) component before 3.0.3 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a comment.like action to index.php.
|
09-10-2018 - 19:42 | 26-01-2014 - 20:55 | |
| CVE-2014-0793 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas Komento (com_komento) component before 1.7.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website or (2) latitude parameter in a comment to
|
09-10-2018 - 19:42 | 30-01-2014 - 18:55 | |
| CVE-2013-7246 | 9.3 |
Buffer overflow in the IconCreate method in an ActiveX control in the DaumGame ActiveX plugin 1.1.0.4 and 1.1.0.5 allows remote attackers to execute arbitrary code via a long string, as exploited in the wild in January 2014.
|
29-08-2017 - 01:34 | 30-01-2014 - 18:55 | |
| CVE-2013-6040 | 9.3 |
Multiple unspecified vulnerabilities in the MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls allow remote attackers to execute arbitrary code via a crafted HTML document.
|
07-08-2015 - 17:41 | 21-01-2014 - 01:55 |