Max CVSS | 10.0 | Min CVSS | 3.5 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2018-20556 | 6.5 |
SQL injection vulnerability in Booking Calendar plugin 8.4.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the booking_id parameter.
|
09-05-2019 - 16:29 | 21-03-2019 - 16:00 | |
CVE-2018-17996 | 5.8 |
LayerBB before 1.1.3 allows CSRF for adding a user via admin/new_user.php, deleting a user via admin/members.php/delete_user/, and deleting content via mod/delete.php/.
|
22-03-2019 - 14:04 | 21-03-2019 - 16:00 | |
CVE-2018-20010 | 3.5 |
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field.
|
26-02-2019 - 17:39 | 10-12-2018 - 09:29 | |
CVE-2018-19914 | 3.5 |
DomainMOD through 4.11.01 has XSS via the assets/add/dns.php Profile Name or notes field.
|
26-02-2019 - 16:31 | 06-12-2018 - 19:29 | |
CVE-2018-20011 | 3.5 |
DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field.
|
26-02-2019 - 16:27 | 10-12-2018 - 09:29 | |
CVE-2018-20009 | 3.5 |
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field.
|
26-02-2019 - 16:14 | 10-12-2018 - 09:29 | |
CVE-2018-19915 | 3.5 |
DomainMOD through 4.11.01 has XSS via the assets/edit/host.php Web Host Name or Web Host URL field.
|
26-02-2019 - 16:07 | 06-12-2018 - 19:29 | |
CVE-2018-11094 | 10.0 |
An issue was discovered on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform/updateWPS, /goform/RebootSystem, and /goform/vpnBasicSettings do not require authentication. For example, when an HTTP POST request is made to /cgi-bin/E
|
22-06-2018 - 16:20 | 15-05-2018 - 19:29 | |
CVE-2007-6080 | 7.5 |
SQL injection vulnerability in modules/banners/click.php in the banners module for bcoos 1.0.10 allows remote attackers to execute arbitrary SQL commands via the bid parameter. NOTE: it was later reported that 1.0.13 is also affected.
|
29-09-2017 - 01:29 | 21-11-2007 - 22:46 | |
CVE-2007-6079 | 6.8 |
Directory traversal vulnerability in include/common.php in bcoos 1.0.10 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsOption[pagetype] parameter to the default URI for modules/news/. NOTE: this c
|
29-09-2017 - 01:29 | 21-11-2007 - 22:46 | |
CVE-2010-4934 | 7.5 |
SQL injection vulnerability in video.php in Get Tube 4.51 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
14-05-2012 - 04:00 | 09-10-2011 - 10:55 |