Max CVSS 9.3 Min CVSS 4.3 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2006-0786 5.1
Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier, with allow_url_fopen enabled, allows remote attackers to conduct PHP remote file include attacks via a path parameter that specifies a (1) UNC share or (2) ftps
18-10-2018 - 16:29 19-02-2006 - 11:02
CVE-2006-4284 7.5
SQL injection vulnerability in comments.asp in LBlog 1.05 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
17-10-2018 - 21:34 22-08-2006 - 17:04
CVE-2007-1495 4.9
The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.1.7, and possibly other products using symevent.sys 12.0.0.20, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling Devic
16-10-2018 - 16:38 16-03-2007 - 22:19
CVE-2007-6364 4.3
Cross-site scripting (XSS) vulnerability in modificarPerfil.php in JLMForo System allows remote authenticated users to inject arbitrary web script or HTML via a signature.
15-10-2018 - 21:52 15-12-2007 - 01:46
CVE-2008-4653 7.5
SQL injection vulnerability in makale.php in Makale 0.26 and possibly other versions, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party infor
29-09-2017 - 01:32 22-10-2008 - 00:11
CVE-2008-4652 9.3
Buffer overflow in the ActiveX control (DartFtp.dll) in Dart Communications PowerTCP FTP for ActiveX 2.0.2 0 allows remote attackers to execute arbitrary code via a long SecretKey property.
29-09-2017 - 01:32 22-10-2008 - 00:11
CVE-2008-4650 7.5
SQL injection vulnerability in viewevent.php in myEvent 1.6 allows remote attackers to execute arbitrary SQL commands via the eventdate parameter.
29-09-2017 - 01:32 22-10-2008 - 00:11
CVE-2008-4645 9.0
plugins/event_tracer/event_list.php in PhpWebGallery 1.7.2 and earlier allows remote authenticated administrators to execute arbitrary PHP code via PHP sequences in the sort parameter, which is processed by create_function.
29-09-2017 - 01:32 22-10-2008 - 00:11
CVE-2008-4644 7.5
hits.php in myWebland myStats allows remote attackers to bypass IP address restrictions via a modified X-Forwarded-For HTTP header.
29-09-2017 - 01:32 22-10-2008 - 00:11
CVE-2008-4643 7.5
SQL injection vulnerability in hits.php in myWebland myStats allows remote attackers to execute arbitrary SQL commands via the sortby parameter.
29-09-2017 - 01:32 22-10-2008 - 00:11
CVE-2008-4632 6.8
Multiple directory traversal vulnerabilities in index.php in Kure 0.6.3, when magic_quotes_gpc is disabled, allow remote attackers to read and possibly execute arbitrary local files via a .. (dot dot) in the (1) post and (2) doc parameters.
29-09-2017 - 01:32 21-10-2008 - 01:18
CVE-2008-4624 9.3
PHP remote file inclusion vulnerability in init.php in Fast Click SQL Lite 1.1.7, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CFG[CDIR] parameter.
29-09-2017 - 01:32 21-10-2008 - 01:18
CVE-2008-4623 7.5
SQL injection vulnerability in the DS-Syndicate (com_ds-syndicate) component 1.1.1 for Joomla allows remote attackers to execute arbitrary SQL commands via the feed_id parameter to index2.php.
29-09-2017 - 01:32 21-10-2008 - 01:18
CVE-2008-4622 7.5
The isLoggedIn function in fastnews-code.php in phpFastNews 1.0.0 allows remote attackers to bypass authentication and gain administrative access by setting the fn-loggedin cookie to 1.
29-09-2017 - 01:32 21-10-2008 - 01:18
CVE-2008-4621 7.5
SQL injection vulnerability in bannerclick.php in ZeeScripts Zeeproperty allows remote attackers to execute arbitrary SQL commands via the adid parameter.
29-09-2017 - 01:32 21-10-2008 - 01:18
CVE-2008-4620 7.5
SQL injection vulnerability in Meeting Room Booking System (MRBS) before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to (1) month.php, and possibly (2) day.php and (3) week.php.
29-09-2017 - 01:32 21-10-2008 - 01:18
CVE-2010-4910 7.5
SQL injection vulnerability in index.cfm in ColdGen ColdCalendar 2.06 allows remote attackers to execute arbitrary SQL commands via the EventID parameter in a ViewEventDetails action.
29-08-2017 - 01:29 08-10-2011 - 10:55
Back to Top Mark selected
Back to Top