| Max CVSS | 10.0 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2007-1477 | 7.5 |
Directory traversal vulnerability in index.php in PHP Point Of Sale for osCommerce 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cfg_language parameter. NOTE: this issue has been disputed by CVE, s
|
11-04-2024 - 00:41 | 16-03-2007 - 21:19 | |
| CVE-2006-4272 | 7.5 |
Jelsoft vBulletin 3.5.4 allows remote attackers to register multiple arbitrary users and cause a denial of service (resource consumption) via a large number of requests to register.php. NOTE: the vendor has disputed this vulnerability, stating "If y
|
11-04-2024 - 00:40 | 21-08-2006 - 21:04 | |
| CVE-2006-0713 | 5.0 |
Directory traversal vulnerability in LinPHA 1.0 allows remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) lang parameter in docs/index.php and the language parameter in (2) install/install.php, (3) install/sec_stage_ins
|
19-10-2018 - 15:45 | 15-02-2006 - 11:06 | |
| CVE-2007-6297 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML via the (1) LIMIT parameter to chat/deluser.php3, the (2) Link parameter to chat/edituser.php3, or the (3) LastCheck
|
15-10-2018 - 21:51 | 10-12-2007 - 18:46 | |
| CVE-2007-6296 | 5.0 |
PHP remote file inclusion vulnerability in users_popupL.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the From parameter.
|
15-10-2018 - 21:51 | 10-12-2007 - 18:46 | |
| CVE-2008-4113 | 4.7 |
The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, relies on an untrusted length value to limit
|
11-10-2018 - 20:50 | 16-09-2008 - 23:00 | |
| CVE-2008-3950 | 5.0 |
Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScr
|
11-10-2018 - 20:50 | 16-09-2008 - 23:00 | |
| CVE-2008-4110 | 7.6 |
Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a
|
11-10-2018 - 20:50 | 16-09-2008 - 22:00 | |
| CVE-2008-2468 | 10.0 |
Multiple buffer overflows in the QIP Server Service (aka qipsrvr.exe) in LANDesk Management Suite, Security Suite, and Server Manager 8.8 and earlier allow remote attackers to execute arbitrary code via a crafted heal request, related to the StringTo
|
11-10-2018 - 20:41 | 18-09-2008 - 15:04 | |
| CVE-2008-2437 | 10.0 |
Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeScan 7.3 patch 4 build 1362 and other builds, OfficeScan 8.0 and 8.0 SP1, and Client Server Messaging Security 3.6 allows remote attackers to execute arbitrary code via an HTTP reque
|
11-10-2018 - 20:41 | 16-09-2008 - 22:00 | |
| CVE-2008-1093 | 9.3 |
Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Troja
|
11-10-2018 - 20:29 | 18-09-2008 - 15:04 | |
| CVE-2010-4868 | 4.3 |
Cross-site scripting (XSS) vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the bn parameter.
|
10-10-2018 - 20:08 | 05-10-2011 - 10:55 | |
| CVE-2010-4867 | 7.5 |
Directory traversal vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the bn parameter.
|
10-10-2018 - 20:08 | 05-10-2011 - 10:55 | |
| CVE-2008-4574 | 7.5 |
SQL injection vulnerability in default.asp in Ayco Okul Portali allows remote attackers to execute arbitrary SQL commands via the linkid parameter.
|
29-09-2017 - 01:32 | 15-10-2008 - 20:00 | |
| CVE-2008-4115 | 5.0 |
TalkBack 2.3.6 allows remote attackers to obtain configuration information via a direct request to install/info.php, which calls the phpinfo function.
|
29-09-2017 - 01:32 | 16-09-2008 - 23:00 | |
| CVE-2008-4346 | 7.5 |
Directory traversal vulnerability in TalkBack 2.3.6 and 2.3.6.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to comments.php, a different vector than CVE-2008-3371.
|
29-09-2017 - 01:32 | 30-09-2008 - 18:15 | |
| CVE-2008-4090 | 7.5 |
SQL injection vulnerability in index.php in PHP Coupon Script 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in an addtocart action, a different vector than CVE-2007-2672.
|
29-09-2017 - 01:31 | 15-09-2008 - 17:12 | |
| CVE-2008-4092 | 7.5 |
SQL injection vulnerability in printfeature.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the artid parameter.
|
29-09-2017 - 01:31 | 15-09-2008 - 17:12 | |
| CVE-2008-3195 | 6.8 |
Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. (dot dot) in the image variable, an
|
29-09-2017 - 01:31 | 18-09-2008 - 15:04 | |
| CVE-2008-4112 | 5.0 |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-3195. Reason: This candidate is a duplicate of CVE-2008-3195. Notes: All CVE users should reference CVE-2008-3195 instead of this candidate. All references and descriptions in t
|
24-09-2008 - 05:41 | 16-09-2008 - 23:00 |