Max CVSS 10.0 Min CVSS 4.3 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2005-3192 7.5
Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, and (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor allows remote attackers to execute arbitra
19-10-2018 - 15:35 08-12-2005 - 01:03
CVE-2006-3557 5.0
MT Orumcek Toplist 2.2 stores DB/orumcektoplist.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request.
18-10-2018 - 16:47 13-07-2006 - 00:05
CVE-2007-1305 6.8
Multiple cross-site scripting (XSS) vulnerabilities in add2.php in Sava's Guestbook 23.11.2006 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) country, (3) email, and (4) website parameters.
16-10-2018 - 16:37 07-03-2007 - 00:19
CVE-2007-1304 6.8
Multiple SQL injection vulnerabilities in add2.php in Sava's Guestbook 23.11.2006, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) country, (3) email, (4) website, and (5) message para
16-10-2018 - 16:37 07-03-2007 - 00:19
CVE-2007-1291 5.8
Multiple cross-site scripting (XSS) vulnerabilities in Tyger Bug Tracking System (TygerBT) 1.1.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) Login.php and (2) Register.php.
16-10-2018 - 16:37 07-03-2007 - 00:19
CVE-2007-1289 6.4
SQL injection vulnerability in ViewBugs.php in Tyger Bug Tracking System (TygerBT) 1.1.3 allows remote attackers to execute arbitrary SQL commands via the s parameter.
16-10-2018 - 16:37 07-03-2007 - 00:19
CVE-2007-1288 10.0
Multiple PHP remote file inclusion vulnerabilities in Webmobo WB News 1.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) comment.php, (2) themes.php, (3) directory.php, and (4)
16-10-2018 - 16:37 07-03-2007 - 00:19
CVE-2007-1269 5.0
GNUMail 1.1.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents GNUMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote a
16-10-2018 - 16:37 06-03-2007 - 20:19
CVE-2007-1268 5.0
Mutt 1.5.13 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Mutt from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attack
16-10-2018 - 16:37 06-03-2007 - 20:19
CVE-2007-1267 5.0
Sylpheed 2.2.7 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Sylpheed from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote
16-10-2018 - 16:37 06-03-2007 - 20:19
CVE-2007-1266 5.0
Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remo
16-10-2018 - 16:37 06-03-2007 - 20:19
CVE-2007-1265 7.8
KMail 1.9.5 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents KMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attac
16-10-2018 - 16:37 06-03-2007 - 20:19
CVE-2007-1264 5.0
Enigmail 0.94.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Enigmail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remot
16-10-2018 - 16:37 06-03-2007 - 20:19
CVE-2007-1263 5.0
GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a mes
16-10-2018 - 16:37 06-03-2007 - 20:19
CVE-2007-1140 9.4
Directory traversal vulnerability in edit.php in pheap allows remote attackers to read and modify arbitrary files via a .. (dot dot) in the filename parameter.
16-10-2018 - 16:36 02-03-2007 - 21:18
CVE-2007-0875 7.5
** DISPUTED ** SQL injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this issue has been disputed by a third party, stating that the file does not use a SQL dat
16-10-2018 - 16:34 12-02-2007 - 19:28
CVE-2006-7131 10.0
PHP remote file inclusion vulnerability in extras/mt.php in Jinzora 2.6 allows remote attackers to execute arbitrary PHP code via the web_root parameter.
16-10-2018 - 16:29 06-03-2007 - 01:19
CVE-2006-7130 7.5
PHP remote file inclusion vulnerability in backend/primitives/cache/media.php in Jinzora 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter, a different vector than CVE-2006-6770.
16-10-2018 - 16:29 06-03-2007 - 01:19
CVE-2006-7120 10.0
** DISPUTED ** PHP remote file inclusion vulnerability in lib/php/phphtmllib-2.5.4/examples/example6.php for maintain 3.0.0-RC2 allows remote attackers to execute arbitrary PHP code via a URL in the phphtmllib parameter. NOTE: this issue might be i
16-10-2018 - 16:29 06-03-2007 - 01:19
CVE-2006-7118 7.5
SQL injection vulnerability in index.asp in DMXReady Site Engine Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the mid parameter.
16-10-2018 - 16:29 06-03-2007 - 01:19
CVE-2006-7115 7.5
SQL injection vulnerability in PHPKit 1.6.1 RC2 allows remote attackers to inject arbitrary SQL commands via the catid parameter to include.php when the path parameter is set to faq/faq.php, and other unspecified vectors involving guestbook/print.php
16-10-2018 - 16:29 06-03-2007 - 01:19
CVE-2008-4054 7.5
SQL injection vulnerability in indir.php in Kolifa.net Download Script 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
29-09-2017 - 01:31 11-09-2008 - 21:06
CVE-2011-1727 4.3
Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13, 11.01, and 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to an "HTML injection" issue.
17-08-2017 - 01:34 03-05-2011 - 20:55
CVE-2011-1726 4.3
Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13, 11.01, and 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
17-08-2017 - 01:34 03-05-2011 - 20:55
CVE-2003-1367 7.8
The which_access variable for Majordomo 2.0 through 1.94.4, and possibly earlier versions, is set to "open" by default, which allows remote attackers to identify the email addresses of members of mailing lists via a "which" command.
29-07-2017 - 01:29 31-12-2003 - 05:00
Back to Top Mark selected
Back to Top