| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2008-0490 | 7.5 |
SQL injection vulnerability in functions/editevent.php in the WP-Cal 0.3 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
29-09-2017 - 01:30 | 30-01-2008 - 22:00 | |
| CVE-2003-1488 | 6.4 |
The (1) verif_admin.php and (2) check_admin.php scripts in Truegalerie 1.0 allow remote attackers to gain administrator access via a request to admin.php without the connect parameter and with the loggedin parameter set to any value, such as 1.
|
29-07-2017 - 01:29 | 31-12-2003 - 05:00 | |
| CVE-2006-0532 | 4.3 |
Cross-site scripting (XSS) vulnerability in resultat.asp in SoftMaker Shop allows remote attackers to inject arbitrary web script or HTML via a strSok parameter containing a javascript: URI in an IMG SRC attribute.
|
20-07-2017 - 01:29 | 04-02-2006 - 00:06 | |
| CVE-2003-1489 | 5.0 |
upload.php in Truegalerie 1.0 allows remote attackers to read arbitrary files by specifying the target filename in the file cookie in form.php, then downloading the file from the image gallery.
|
18-10-2016 - 02:39 | 31-12-2003 - 05:00 | |
| CVE-2012-1611 | 5.0 |
Joomla! 2.5.x before 2.5.4 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end" information via unknown attack vectors. NOTE: this might be a duplicate of CVE-2012-1599.
|
03-10-2013 - 18:31 | 06-09-2012 - 21:55 | |
| CVE-2012-1612 | 4.3 |
Cross-site scripting (XSS) vulnerability in the update manager in Joomla! 2.5.x before 2.5.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
07-09-2012 - 13:46 | 06-09-2012 - 21:55 |