Max CVSS 10.0 | Min CVSS 4.3 | Total Count 2
ID | CVSS | Summary | Last (major) update | Published
CVE-2006-3226 7.5
Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via variou
18-10-2018 - 16:46 26-06-2006 - 16:05
CVE-2006-4766 5.0
Directory traversal vulnerability in print.php in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allows remote attackers to read arbitrary files via a .. (dot dot) in the ide parameter.
17-10-2018 - 21:39 13-09-2006 - 23:07
CVE-2006-4777 7.6
Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary cod
17-10-2018 - 21:39 14-09-2006 - 00:07
CVE-2006-4763 7.5
IBM Lotus Domino Web Access (DWA) 7.0.1 does not expire a client's Lightweight Third-Party Authentication token (LtpaToken) upon logout, which allows remote attackers to obtain a user's privileges by intercepting the LtpaToken cookie.
17-10-2018 - 21:39 13-09-2006 - 23:07
CVE-2006-4771 4.3
Cross-site scripting (XSS) vulnerability in haut.php in ForumJBC 4 allows remote attackers to inject arbitrary web script or HTML via the nb_connecte parameter.
17-10-2018 - 21:39 14-09-2006 - 00:07
CVE-2006-4772 5.0
HotPlug CMS stores sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password and database credentials via a direct request for includes/class/config.inc.
17-10-2018 - 21:39 14-09-2006 - 00:07
CVE-2006-4780 7.5
PHP remote file inclusion vulnerability in includes/functions.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
17-10-2018 - 21:39 14-09-2006 - 10:07
CVE-2006-4765 5.0
NETGEAR DG834GT Wireless ADSL router running firmware 1.01.28 allows attackers to cause a denial of service (device hang) via a long string in the username field in the login window.
17-10-2018 - 21:39 13-09-2006 - 23:07
CVE-2006-4764 7.5
PHP remote file inclusion vulnerability in common.php in Thomas LETE WTools 0.0.1-ALPH allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
17-10-2018 - 21:39 13-09-2006 - 23:07
CVE-2006-4796 4.3
Cross-site scripting (XSS) vulnerability in forum.asp in Snitz Forums 2000 3.4.06 allows remote attackers to inject arbitrary web script or HTML via the sortorder parameter (strtopicsortord variable).
17-10-2018 - 21:39 14-09-2006 - 21:07
CVE-2007-0312 7.8
wcSimple Poll stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password hashes via a direct request for password.txt.
16-10-2018 - 16:32 18-01-2007 - 00:28
CVE-2007-5032 5.1
Cross-site request forgery (CSRF) vulnerability in admin.php in Francisco Burzi PHP-Nuke allows remote attackers to add administrative accounts via an AddAuthor action with modified add_name and add_radminsuper parameters.
15-10-2018 - 21:40 21-09-2007 - 19:17
CVE-2010-1552 10.0
Stack-based buffer overflow in the doLoad function in snmpviewer.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via the act and app parameters.
10-10-2018 - 19:57 13-05-2010 - 17:30
CVE-2008-3681 7.5
components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator.
29-09-2017 - 01:31 14-08-2008 - 19:41
CVE-2006-4798 5.0
SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history.
20-07-2017 - 01:33 14-09-2006 - 21:07
CVE-2005-4424 6.5
Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might allow remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the path parameter and a %00 at the end of the filename, as demonstrated by an avatar filename
20-07-2017 - 01:29 20-12-2005 - 11:03