| Max CVSS | 9.3 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2015-4632 | 5.0 |
Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path
|
31-12-2018 - 16:37 | 18-10-2018 - 21:29 | |
| CVE-2015-4633 | 7.5 |
Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow (1) remote attackers to execute arbitrary SQL commands via the number parameter to opac-tags_subject.pl
|
06-12-2018 - 14:26 | 18-10-2018 - 21:29 | |
| CVE-2015-4631 | 3.5 |
Multiple cross-site scripting (XSS) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to inject arbitrary web script or HTML via the (1) tag parameter to opac-
|
04-12-2018 - 20:01 | 18-10-2018 - 21:29 | |
| CVE-2015-4630 | 6.0 |
Multiple cross-site request forgery (CSRF) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to (1) hijack the authentication of administrators for requests th
|
04-12-2018 - 19:59 | 18-10-2018 - 21:29 | |
| CVE-2007-2080 | 7.5 |
Multiple SQL injection vulnerabilities in XAMPP 1.6.0a for Windows allow remote attackers to execute arbitrary SQL commands via unspecified vectors in certain test scripts.
|
11-10-2017 - 01:32 | 18-04-2007 - 03:19 | |
| CVE-2007-2079 | 9.3 |
The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and earlier for Windows uses untrusted input for the database server hostname, which allows remote attackers to trigger a library buffer overflow and execute arbitrary code via a long
|
11-10-2017 - 01:32 | 18-04-2007 - 03:19 |