Max CVSS: 10.0 | Min CVSS: 1.7 | Total Count: 2
ID | CVSS | Summary | Last (major) update | Published
CVE-2011-3640 7.1
Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE:
21-03-2024 - 02:20 28-10-2011 - 02:49
CVE-2008-5749 6.8
Argument injection vulnerability in Google Chrome 1.0.154.36 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. NOTE: a third party disputes this issue, stating that Chrome "w
21-03-2024 - 02:17 29-12-2008 - 15:24
CVE-2006-4465 10.0
Microsoft Terminal Server, when running an application session with the "Start program at logon" and "Override settings from user profile and Client Connection Manager wizard" options, allows local users to execute arbitrary code by forcing an Explor
21-03-2024 - 02:15 31-08-2006 - 20:04
CVE-2007-2411 7.5
PHP remote file inclusion vulnerability in index.php in Sphider 1.2.x allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter. NOTE: a third party disputes this vulnerability, stating that "the application is not
21-03-2024 - 02:15 01-05-2007 - 10:19
CVE-2007-1679 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware Webmail 1.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in (1) imp/search.php and (2) ingo/rule.php. NOTE: this issue has been
21-03-2024 - 02:15 26-03-2007 - 23:19
CVE-2006-4523 5.0
The web-based management interface in 2Wire, Inc. HomePortal and OfficePortal Series modems and routers allows remote attackers to cause a denial of service (crash) via a CRLF sequence in a GET request.
14-02-2024 - 01:17 01-09-2006 - 23:04
CVE-2007-1302 6.8
SQL injection vulnerability in guestbook.php in LI-Guestbook 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter. NOTE: it was later reported that 1.2 is also affected.
14-02-2024 - 01:17 07-03-2007 - 00:19
CVE-2008-5748 4.3
Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php in BloofoxCMS 0.3.4 allows remote attackers to read arbitrary files via the (1) lang, (2) theme, and (3) module parameters.
26-01-2024 - 17:48 29-12-2008 - 15:24
CVE-2011-1478 5.7
The napi_reuse_skb function in net/core/dev.c in the Generic Receive Offload (GRO) implementation in the Linux kernel before 2.6.38 does not reset the values of certain structure members, which might allow remote attackers to cause a denial of servic
13-02-2023 - 04:29 23-10-2011 - 10:55
CVE-2008-2938 4.3
Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequence
13-02-2023 - 02:19 13-08-2008 - 00:41
CVE-2007-5342 6.4
The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and ov
13-02-2023 - 02:18 27-12-2007 - 22:46
CVE-2008-2382 5.0
The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message.
02-11-2020 - 14:39 24-12-2008 - 18:29
CVE-2007-5400 9.3
Heap-based buffer overflow in the Shockwave Flash (SWF) frame handling in RealNetworks RealPlayer 10.5 Build 6.0.12.1483 might allow remote attackers to execute arbitrary code via a crafted SWF file.
30-10-2018 - 16:25 28-07-2008 - 17:41
CVE-2008-5882 7.5
SQL injection vulnerability in login.asp in Citrix Application Gateway - Broadcast Server (BCS) before 6.1, as used by Avaya AG250 - Broadcast Server before 2.0 and possibly other products, allows remote attackers to execute arbitrary SQL commands vi
30-10-2018 - 16:25 09-01-2009 - 18:30
CVE-2008-5733 7.5
SQL injection vulnerability in blog.php in the Team Impact TI Blog System mod for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the id parameter.
30-10-2018 - 16:25 26-12-2008 - 17:30
CVE-2006-2572 2.6
Cross-site scripting (XSS) vulnerability in index.php in DGBook 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) homepage, (3) email, and (4) address parameters.
19-10-2018 - 15:46 24-05-2006 - 23:02
CVE-2006-0771 6.4
Format string vulnerability in PunkBuster 1.180 and earlier, as used by Soldier of Fortune II and possibly other games, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifie
19-10-2018 - 15:46 18-02-2006 - 21:02
CVE-2006-0777 7.5
Unspecified vulnerability in guestex.pl in Teca Scripts Guestex 1.0 allows remote attackers to execute arbitrary shell commands via the email parameter, possibly involving shell metacharacters.
19-10-2018 - 15:46 19-02-2006 - 00:02
CVE-2006-0527 7.5
BIND 4 (BIND4) and BIND 8 (BIND8), if used as a target forwarder, allows remote attackers to gain privileged access via a "Kashpureff-style DNS cache corruption" attack.
19-10-2018 - 15:45 02-02-2006 - 11:02
CVE-2006-0300 5.1
Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.
19-10-2018 - 15:44 24-02-2006 - 00:02
CVE-2006-0001 9.3
Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.
19-10-2018 - 15:41 12-09-2006 - 23:07
CVE-2005-3525 9.3
Stack-based buffer overflow in an ActiveX control for the installer for Adobe Macromedia Shockwave Player 10.1.0.11 and earlier allows remote attackers to execute arbitrary code via crafted large values for unspecified parameters.
19-10-2018 - 15:36 31-12-2005 - 05:00
CVE-2005-3505 4.3
Cross-site scripting (XSS) vulnerability in the Entropy Chat script in cPanel 10.2.0-R82 and 10.6.0-R137 allows remote attackers to inject arbitrary web script or HTML via a chat message containing Javascript in style attributes in tags such as <b>,
19-10-2018 - 15:36 05-11-2005 - 11:02
CVE-2004-2761 5.0
The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate. There are
19-10-2018 - 15:30 05-01-2009 - 20:30
CVE-2003-1532 7.5
SQL injection vulnerability in compte.php in PhpMyShop 1.00 allows remote attackers to execute arbitrary SQL commands via the (1) identifiant and (2) password parameters.
19-10-2018 - 15:29 31-12-2003 - 05:00
CVE-2008-4715 7.5
SQL injection vulnerability in the Jpad (com_jpad) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php.
18-10-2018 - 19:37 23-10-2008 - 17:17
CVE-2006-2858 7.5
SQL injection vulnerability in viewmsg.asp in LocazoList Classifieds 1.05e allows remote attackers to execute arbitrary SQL commands via the msgid parameter.
18-10-2018 - 16:43 06-06-2006 - 20:06
CVE-2006-2234 6.8
Multiple cross-site scripting (XSS) vulnerabilities in TyroCMS beta 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a javascript URI in an img BBCode tag, or a JavaScript event in a (2) url BBCode tag or (3) color BBCode tag
18-10-2018 - 16:38 05-05-2006 - 19:02
CVE-2006-1538 4.9
The Enova X-Wall ASIC encrypts with a key obtained via Microwire from a serial EEPROM that stores the key in cleartext, which allows local users with physical access to obtain the key by reading and duplicating an EEPROM that is located on a hardware
18-10-2018 - 16:33 30-03-2006 - 11:02
CVE-2006-1102 5.0
Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote attackers to cause a denial of service (client exit) by forcing the server to change to a map (ogz) file whose name contains ".." sequences and has a certain length that prevents
18-10-2018 - 16:30 09-03-2006 - 13:06
CVE-2006-0932 5.0
Directory traversal vulnerability in zip.lib.php 0.1.1 in PEAR::Archive_Zip allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a ZIP archive.
18-10-2018 - 16:29 28-02-2006 - 11:02
CVE-2006-0921 6.4
Multiple directory traversal vulnerabilities in connector.php in FCKeditor 2.0 FC, as used in products such as RunCMS, allow remote attackers to list and create arbitrary directories via a .. (dot dot) in the CurrentFolder parameter to (1) GetFolders
18-10-2018 - 16:29 28-02-2006 - 11:02
CVE-2006-0920 1.7
Oi! Email Marketing System 3.0 (aka Oi! 3) stores the server's FTP password in cleartext on a Configuration web page, which allows local users with superadministrator privileges, or attackers who have obtained access to the web page, to view the pass
18-10-2018 - 16:29 28-02-2006 - 11:02
CVE-2006-0898 2.6
Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael.
18-10-2018 - 16:29 25-02-2006 - 11:02
CVE-2006-0922 5.0
CubeCart 3.0 through 3.6 does not properly check authorization for an administration session because of a missing auth.inc.php include, which results in an absolute path traversal vulnerability in FileUpload in connector.php (aka upload.php) that all
18-10-2018 - 16:29 28-02-2006 - 11:02
CVE-2006-0918 7.5
Buffer overflow in RITLabs The Bat! 3.60.07 allows remote attackers to execute arbitrary code via a long Subject field.
18-10-2018 - 16:29 28-02-2006 - 11:02
CVE-2006-6640 6.8
Multiple cross-site scripting (XSS) vulnerabilities in Omniture SiteCatalyst allow remote attackers to inject arbitrary web script or HTML via the (1) ss parameter in (a) search.asp and the (2) company and (3) username fields on (b) the web login pag
17-10-2018 - 21:49 19-12-2006 - 20:28
CVE-2006-6231 5.0
vuBB 0.2.1 and earlier allows remote attackers to obtain sensitive information via a direct request to includes/vubb.php, which leaks the path in an error message.
17-10-2018 - 21:47 02-12-2006 - 02:28
CVE-2006-6230 7.5
SQL injection vulnerability in vuBB 0.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a register action to index.php, a different vulnerability than CVE-2006-0962.
17-10-2018 - 21:47 02-12-2006 - 02:28
CVE-2006-5895 7.5
PHP remote file inclusion vulnerability in core/core.php in EncapsCMS 0.3.6 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
17-10-2018 - 21:45 14-11-2006 - 22:07
CVE-2006-5431 7.5
PHP remote file inclusion vulnerability in gorum/dbproperty.php in PHPOutsourcing Zorum 3.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the appDirName parameter.
17-10-2018 - 21:42 20-10-2006 - 17:07
CVE-2006-5066 5.1
Multiple cross-site scripting (XSS) vulnerabilities in DanPHPSupport 0.5, and other versions before 1.0, allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in index.php or the (2) do parameter in admin.php.
17-10-2018 - 21:40 28-09-2006 - 00:07
CVE-2006-4462 7.5
Gonafish.com LinksCaffe 2.0 and 3.0 do not properly restrict access to administrator functions, which allows remote attackers to gain full administration rights via a direct request to Admin/admin1953.php.
17-10-2018 - 21:37 31-08-2006 - 20:04
CVE-2006-4501 7.5
SQL injection vulnerability in index.php in ezPortal/ztml CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) about, (2) album, (3) id, (4) use, (5) desc, (6) doc, (7) mname, (8) max, and possibly other parameters.
17-10-2018 - 21:37 31-08-2006 - 22:04
CVE-2006-4529 7.5
SQL injection vulnerability in recherchemembre.php in membrepass 1.5 allows remote attackers to execute arbitrary SQL commands via the recherche parameter.
17-10-2018 - 21:37 01-09-2006 - 23:04
CVE-2006-4530 7.5
Direct static code injection vulnerability in include/change.php in membrepass 1.5 allows remote attackers to execute arbitrary PHP code via the aifon parameter, which is injected into include/variable.php.
17-10-2018 - 21:37 01-09-2006 - 23:04
CVE-2006-4464 5.0
The Nokia Browser, possibly Nokia Symbian 60 Browser 3rd edition, allows remote attackers to cause a denial of service (crash) via JavaScript that constructs a large Unicode string.
17-10-2018 - 21:37 31-08-2006 - 20:04
CVE-2006-4528 4.3
Multiple cross-site scripting (XSS) vulnerabilities in membrepass 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) recherche parameter in recherchemembre.php and the (2) email parameter in test.php.
17-10-2018 - 21:37 01-09-2006 - 23:04
CVE-2006-4497 7.5
SQL injection vulnerability in comments.php in IwebNegar 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
17-10-2018 - 21:37 31-08-2006 - 22:04
CVE-2006-4502 7.5
ezPortal/ztml CMS 1.0 allows remote attackers to bypass authentication controls via a direct request to the "Administration Area" script.
17-10-2018 - 21:37 31-08-2006 - 22:04
CVE-2006-4500 4.3
Cross-site scripting (XSS) vulnerability in index.php in ezPortal/ztml CMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) about, (2) again, (3) lastname, (4) email, (5) password, (6) album, (7) id, (8) table, (9) desc,
17-10-2018 - 21:37 31-08-2006 - 22:04
CVE-2006-4463 7.5
SQL injection vulnerability in the administrator control panel in Jetstat.com JS ASP Faq Manager 1.10 allows remote attackers to execute arbitrary SQL commands via the pwd parameter (aka the Password field).
17-10-2018 - 21:37 31-08-2006 - 20:04
CVE-2006-4524 7.5
Multiple SQL injection vulnerabilities in login_verif.asp in Digiappz Freekot 1.01 allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) password parameters. NOTE: some of these details are obtained from third party infor
17-10-2018 - 21:37 01-09-2006 - 23:04
CVE-2006-4487 5.0
DUware DUpoll 3.0 and 3.1 stores _private/Dupoll.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and passwords.
17-10-2018 - 21:37 31-08-2006 - 22:04
CVE-2006-4350 7.5
SQL injection vulnerability in index.php in OneOrZero 1.6.4.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
17-10-2018 - 21:36 24-08-2006 - 21:04
CVE-2006-4351 6.8
Cross-site scripting (XSS) vulnerability in index.php in OneOrZero 1.6.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
17-10-2018 - 21:36 24-08-2006 - 21:04
CVE-2006-4036 7.5
PHP remote file inclusion vulnerability in includes/usercp_register.php in ZoneMetrics ZoneX Publishers Gold Edition 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
17-10-2018 - 21:33 09-08-2006 - 22:04
CVE-2006-3752 7.5
Multiple SQL injection vulnerabilities in class.php in Professional Home Page Tools Guestbook allow remote attackers to execute arbitrary SQL commands via the (1) hidemail, (2) name, (3) mail, (4) ip, or (5) text parameters.
17-10-2018 - 21:29 21-07-2006 - 14:03
CVE-2007-3489 9.3
Cross-site request forgery (CSRF) vulnerability in pop/WizU.html in the management interface in Check Point VPN-1 Edge X Embedded NGX 7.0.33x on the Check Point VPN-1 UTM Edge allows remote attackers to perform privileged actions as administrators, a
16-10-2018 - 16:50 29-06-2007 - 18:30
CVE-2007-2962 4.3
Cross-site scripting (XSS) vulnerability in search.php in Particle Gallery 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the order parameter.
16-10-2018 - 16:46 31-05-2007 - 23:30
CVE-2007-1968 6.8
PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlog, possibly 1.0 through 1.6, allows remote attackers to execute arbitrary PHP code via a URL in the scoreid parameter.
16-10-2018 - 16:41 11-04-2007 - 10:19
CVE-2007-1714 6.8
Cross-site scripting (XSS) vulnerability in index.php in CcCounter 2.0 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.
16-10-2018 - 16:40 27-03-2007 - 21:19
CVE-2007-1678 4.3
Cross-site scripting (XSS) vulnerability in the Fizzle 0.5 extension for Firefox allows remote attackers to inject arbitrary web script or HTML via RSS feeds, which are executed by the chrome: URI handler.
16-10-2018 - 16:40 26-03-2007 - 23:19
CVE-2007-1735 9.3
Stack-based buffer overflow in Corel WordPerfect Office X3 (13.0.0.565) allows user-assisted remote attackers to execute arbitrary code via a long printer selection (PRS) name in a WordPerfect document.
16-10-2018 - 16:40 28-03-2007 - 22:19
CVE-2007-1728 7.8
The Remote Play feature in Sony Playstation 3 (PS3) 1.60 and Playstation Portable (PSP) 3.10 OE-A allows remote attackers to cause a denial of service via a flood of UDP packets.
16-10-2018 - 16:40 28-03-2007 - 10:19
CVE-2007-1733 10.0
Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows remote attackers to execute arbitrary code via a long (1) /cgi-bin/ or (2) /cgi/ pathname in an HTTP GET request, probably a different issue than CVE-2006-5112.
16-10-2018 - 16:40 28-03-2007 - 22:19
CVE-2007-1730 6.6
Integer signedness error in the DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later allows local users to read kernel memory or cause a denial of service (oops) via a negative optlen value.
16-10-2018 - 16:40 28-03-2007 - 10:19
CVE-2007-1736 7.5
Mozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection.
16-10-2018 - 16:40 28-03-2007 - 22:19
CVE-2007-1729 7.5
SQL injection vulnerability in includes/start.php in Flexbb 1.0.0 10005 Beta Release 1 allows remote attackers to execute arbitrary SQL commands via the flexbb_lang_id COOKIE parameter to index.php.
16-10-2018 - 16:40 28-03-2007 - 10:19
CVE-2007-1737 7.5
Opera 9.10 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection.
16-10-2018 - 16:40 28-03-2007 - 22:19
CVE-2007-1723 6.8
Multiple cross-site scripting (XSS) vulnerabilities in the administration console in Secure Computing CipherTrust IronMail 6.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) network, (2) defRouterIp, (3) hostName, (4) dom
16-10-2018 - 16:40 28-03-2007 - 00:19
CVE-2007-1499 4.3
Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the locatio
16-10-2018 - 16:38 17-03-2007 - 10:19
CVE-2007-0919 7.8
Directory traversal vulnerability in Nickolas Grigoriadis Mini Web server (MiniWebsvr) 0.0.6 allows remote attackers to list the directory immediately above the web root via a ..%00 sequence in the URI.
16-10-2018 - 16:35 14-02-2007 - 11:28
CVE-2006-6936 6.8
Cross-site scripting (XSS) vulnerability in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary HTML or web script via (1) the catname parameter to displaypic.asp or (2) the search field. NOTE: vector 1 likely overlaps CVE-2006-3032.
16-10-2018 - 16:29 17-01-2007 - 00:28
CVE-2006-6937 7.5
SQL injection vulnerability in displaypic.asp in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary SQL commands via the sortorder parameter.
16-10-2018 - 16:29 17-01-2007 - 00:28
CVE-2008-0748 10.0
Buffer overflow in the Sony AxRUploadServer.AxRUploadControl.1 ActiveX control in AxRUploadServer.dll 1.0.0.38 in SonyISUpload.cab 1.0.0.38 for Sony ImageStation allows remote attackers to execute arbitrary code via a long argument to the SetLogging
15-10-2018 - 22:02 13-02-2008 - 20:00
CVE-2008-0288 7.5
Multiple SQL injection vulnerabilities in ImageAlbum 2.0.0b2 allow remote attackers to execute arbitrary SQL commands via the id, which is not properly handled in (1) classes/IADomain.php, (2) classes/IACollection.php, and (3) classes/IAUser.php, as
15-10-2018 - 21:58 16-01-2008 - 02:00
CVE-2008-0067 10.0
Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to t
15-10-2018 - 21:57 08-01-2009 - 19:30
CVE-2007-6539 6.8
PHP local file inclusion vulnerability in index.php in IDevspot iSupport 1.8 allows remote attackers to include local files via the include_file parameter.
15-10-2018 - 21:55 27-12-2007 - 23:46
CVE-2007-6541 4.3
Multiple cross-site scripting (XSS) vulnerabilities in neuron news 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the topic parameter in a viewtopic action, or the (2) newsyear or (3) newsmonth parameter in a newsarchive ac
15-10-2018 - 21:55 27-12-2007 - 23:46
CVE-2007-6533 7.5
Buffer overflow in Zoom Player 6.00 beta 2 and earlier allows user-assisted remote attackers to execute arbitrary code via an HTTP link to a PLS file in a crafted ZPL file, which causes an overflow in Unicode handling when generating an error message
15-10-2018 - 21:55 27-12-2007 - 23:46
CVE-2007-6528 5.0
Directory traversal vulnerability in tiki-listmovies.php in TikiWiki before 1.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) and modified filename in the movie parameter.
15-10-2018 - 21:55 27-12-2007 - 22:46
CVE-2007-6537 6.8
Stack-based buffer overflow in the zfile_gunzip function in zfile.c in WinUAE 1.4.4 and earlier allows user-assisted remote attackers to execute arbitrary code via a long filename in a gzipped archive, such as a (1) gz, (2) adz, (3) roz, or (4) hdz a
15-10-2018 - 21:55 27-12-2007 - 23:46
CVE-2007-6574 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the origin parameter to work/work.php in a display_upload_form action, or the forum parameter to (2)
15-10-2018 - 21:55 28-12-2007 - 21:46
CVE-2007-6540 7.5
SQL injection vulnerability in neuron news 1.0 allows remote attackers to execute arbitrary SQL commands via the q parameter to the default URI in patch/.
15-10-2018 - 21:55 27-12-2007 - 23:46
CVE-2007-6526 4.3
Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via the area_name parameter.
15-10-2018 - 21:54 27-12-2007 - 22:46
CVE-2007-6523 7.8
Algorithmic complexity vulnerability in Opera 9.50 beta and 9.x before 9.25 allows remote attackers to cause a denial of service (CPU consumption) via a crafted bitmap (BMP) file that triggers a large number of calculations and checks.
15-10-2018 - 21:54 24-12-2007 - 20:46
CVE-2007-6515 7.5
support/dispatch.cgi in SiteScape Forum allows remote attackers to execute arbitrary TCL code via code separator characters in the query string.
15-10-2018 - 21:54 21-12-2007 - 22:46
CVE-2007-6378 7.5
Directory traversal vulnerability in upload.dll in BadBlue 2.72b and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the filename parameter.
15-10-2018 - 21:52 15-12-2007 - 01:46
CVE-2007-6379 5.0
BadBlue 2.72b and earlier allows remote attackers to obtain sensitive information via an invalid browse parameter, which reveals the installation path in an error message.
15-10-2018 - 21:52 15-12-2007 - 01:46
CVE-2007-6377 7.5
Stack-based buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier allows remote attackers to execute arbitrary code via a long query string.
15-10-2018 - 21:52 15-12-2007 - 01:46
CVE-2007-4918 7.5
SQL injection vulnerability in classes/gelato.class.php in Gelato allows remote attackers to execute arbitrary SQL commands via the post parameter to index.php.
15-10-2018 - 21:38 17-09-2007 - 17:17
CVE-2007-4600 4.6
The "Protect Worksheet" functionality in Mathsoft Mathcad 12 through 13.1, and PTC Mathcad 14, implements file access restrictions via a protection element in a gzipped XML file, which allows attackers to bypass these restrictions by removing this el
15-10-2018 - 21:36 18-10-2007 - 20:17
CVE-2007-4108 7.5
SQL injection vulnerability in sign_in.aspx in WebEvents (Online Event Registration Template) allows remote attackers to execute arbitrary SQL commands via the Password parameter.
15-10-2018 - 21:33 31-07-2007 - 10:17
CVE-2009-0043 10.0
The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 SP1 and Service Level Management 3.5 does not properly restrict access, which allows remote attackers to execute arbitrary commands via unspecified vectors.
11-10-2018 - 20:59 08-01-2009 - 19:30
CVE-2008-5735 9.3
Stack-based buffer overflow in skin.c in CoolPlayer 2.17 through 2.19 allows remote attackers to execute arbitrary code via a large PlaylistSkin value in a skin file.
11-10-2018 - 20:56 26-12-2008 - 18:30
CVE-2008-5750 6.8
Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.
11-10-2018 - 20:56 29-12-2008 - 15:24
CVE-2008-5792 6.8
PHP remote file inclusion vulnerability in show_joined.php in Indiscripts Enthusiast 3.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: the researcher also points out the analogo
11-10-2018 - 20:56 31-12-2008 - 11:30
CVE-2008-5828 5.0
Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is used over a NAT session, allows remote attackers to discover intranet IP addresses and port numbers by reading the (1) IPv4InternalAddrsAndPorts, (2)
11-10-2018 - 20:56 02-01-2009 - 19:30
CVE-2008-5731 4.9
The PGPwded device driver (aka PGPwded.sys) in PGP Corporation PGP Desktop 9.0.6 build 6060 and 9.9.0 build 397 allows local users to cause a denial of service (system crash) and possibly gain privileges via a certain METHOD_BUFFERED IOCTL request th
11-10-2018 - 20:56 26-12-2008 - 17:30
CVE-2008-5853 5.0
Chilek Content Management System (aka ChiCoMaS) 2.0.4 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain database credentials via a direct request for config.inc o
11-10-2018 - 20:56 06-01-2009 - 17:30
CVE-2008-5810 10.0
WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allows remote attackers to execute arbitrary commands via shell metacharacters in input that is sent through HTTP and improperly used during tempor
11-10-2018 - 20:56 02-01-2009 - 18:11
CVE-2008-5715 5.0
Mozilla Firefox 3.0.5 on Windows Vista allows remote attackers to cause a denial of service (application crash) via JavaScript code with a long string value for the hash property (aka location.hash). NOTE: it was later reported that earlier versions
11-10-2018 - 20:56 24-12-2008 - 18:29
CVE-2008-5787 5.4
Directory traversal vulnerability in mod.php in Arab Portal 2.1 on Windows allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, in conjunction with a show action.
11-10-2018 - 20:56 31-12-2008 - 11:30
CVE-2008-5869 4.3
Cross-site scripting (XSS) vulnerability in the Proxim Wireless Tsunami MP.11 2411 with firmware 3.0.3 allows remote authenticated users to inject arbitrary web script or HTML via the system.sysName.0 SNMP OID.
11-10-2018 - 20:56 08-01-2009 - 18:30
CVE-2008-5866 10.0
The Proxim Wireless Tsunami MP.11 2411 with firmware 3.0.3 has public as its default SNMP read/write community, which makes it easier for remote attackers to obtain sensitive information or modify SNMP variables.
11-10-2018 - 20:56 07-01-2009 - 20:30
CVE-2008-5745 4.3
Integer overflow in quartz.dll in the DirectShow framework in Microsoft Windows Media Player (WMP) 9, 10, and 11, including 11.0.5721.5260, allows remote attackers to cause a denial of service (application crash) via a crafted (1) WAV, (2) SND, or (3
11-10-2018 - 20:56 29-12-2008 - 15:24
CVE-2008-5870 4.3
FastStone Image Viewer 3.6 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with large width and height values, possibly a related issue to CVE-2007-1942.
11-10-2018 - 20:56 08-01-2009 - 18:30
CVE-2008-5689 7.2
tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted SIOCGTUNPARAM IOCTL request, which triggers a NULL pointer dereference. Com
11-10-2018 - 20:56 19-12-2008 - 17:30
CVE-2008-5747 5.0
F-Prot 4.6.8 for GNU/Linux allows remote attackers to bypass anti-virus protection via a crafted ELF program with a "corrupted" header that still allows the program to be executed. NOTE: due to an error in the initial disclosure, F-secure was incorr
11-10-2018 - 20:56 29-12-2008 - 15:24
CVE-2008-5233 4.3
xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in demux_mng.c, (2) the open_mod_file function in demux_mod.c, and (3) frame_buffer allocation in
11-10-2018 - 20:54 26-11-2008 - 01:30
CVE-2008-5234 9.3
Multiple heap-based buffer overflows in xine-lib 1.1.12, and other versions before 1.1.15, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted metadata atom size processed by the parse_moov_atom function in demux_qt.
11-10-2018 - 20:54 26-11-2008 - 01:30
CVE-2008-5247 4.3
The real_parse_audio_specific_data function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, uses an untrusted height (aka codec_data_length) value as a divisor, which allows remote attackers to cause a denial of service (div
11-10-2018 - 20:54 26-11-2008 - 01:30
CVE-2008-5242 6.8
demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not validate the count field before calling calloc for STSD_ATOM atom allocation, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitr
11-10-2018 - 20:54 26-11-2008 - 01:30
CVE-2008-5238 7.1
Integer overflow in the real_parse_mdpr function in demux_real.c in xine-lib 1.1.12, and other versions before 1.1.15, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted stream_name_size fiel
11-10-2018 - 20:54 26-11-2008 - 01:30
CVE-2008-5241 4.3
Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allows remote attackers to cause a denial of service (crash) via a crafted media file that results in a small value of moov_atom_size in a compressed MOV (aka
11-10-2018 - 20:54 26-11-2008 - 01:30
CVE-2008-5240 4.3
xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input value to determine the memory allocation and does not check the result for (1) the MATROSKA_ID_TR_CODECPRIVATE track entry element processed by demux_matroska.c; and
11-10-2018 - 20:54 26-11-2008 - 01:30
CVE-2008-5243 4.3
The real_parse_headers function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input length value to "reindex into an allocated buffer," which allows remote attackers to cause a denial of service (cr
11-10-2018 - 20:54 26-11-2008 - 01:30
CVE-2008-5236 9.3
Multiple heap-based buffer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted EBML element length processed by the parse_block_group function in d
11-10-2018 - 20:54 26-11-2008 - 01:30
CVE-2008-5239 4.3
xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not properly handle (a) negative and (b) zero values during unspecified read function calls in input_file.c, input_net.c, input_smb.c, and input_http.c, which allows remote attackers to cau
11-10-2018 - 20:54 26-11-2008 - 01:30
CVE-2008-5237 10.0
Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) crafted width and height values that are not validated by the
11-10-2018 - 20:54 26-11-2008 - 01:30
CVE-2008-4730 4.3
Cross-site scripting (XSS) vulnerability in MyID.php in phpMyID 0.9 allows remote attackers to inject arbitrary web script or HTML via the openid_trust_root parameter and an inconsistent openid_return_to parameter, which is not properly handled in an
11-10-2018 - 20:52 24-10-2008 - 10:30
CVE-2008-4827 9.3
Multiple heap-based buffer overflows in the AddTab method in the (1) Tab and (2) CTab ActiveX controls in c1sizer.ocx and the (3) TabOne ActiveX control in sizerone.ocx in ComponentOne SizerOne 8.0.20081.140, as used in ComponentOne Studio for Active
11-10-2018 - 20:52 08-01-2009 - 19:30
CVE-2008-3862 10.0
Stack-based buffer overflow in CGI programs in the server in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1374, and 8.0 SP1 Patch 1 before build 3110, allows remote attackers to execute arbitrary code via an HTTP POST request
11-10-2018 - 20:50 23-10-2008 - 22:00
CVE-2008-4121 4.3
Multiple cross-site scripting (XSS) vulnerabilities in cpCommerce before 1.2.4 allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter in a search.quick action to search.php and (2) the name parameter in a sendtofri
11-10-2018 - 20:50 21-10-2008 - 18:00
CVE-2008-3863 7.6
Stack-based buffer overflow in the read_special_escape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e (aka special escapes processing) option is enabled, allows user-assisted remote attackers to execute arbitrary code via a
11-10-2018 - 20:50 23-10-2008 - 22:00
CVE-2008-2787 4.3
Cross-site scripting (XSS) vulnerability in out.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the last_message parameter.
11-10-2018 - 20:43 20-06-2008 - 11:48
CVE-2008-2434 9.3
The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to download an arbitrary library file onto a client system via a "custom update server" argument. NOTE: this can be leveraged for c
11-10-2018 - 20:41 23-12-2008 - 18:30
CVE-2008-2026 4.3
Cross-site scripting (XSS) vulnerability in WebID/IISWebAgentIF.dll in RSA Authentication Agent 5.3.0.258, and other versions before 5.3.3.378, allows remote attackers to inject arbitrary web script or HTML via a URL-encoded postdata parameter. NOTE
11-10-2018 - 20:38 30-04-2008 - 14:10
CVE-2008-1357 5.4
Format string vulnerability in the logDetail function of applib.dll in McAfee Common Management Agent (CMA) 3.6.0.574 (Patch 3) and earlier, as used in ePolicy Orchestrator 4.0.0 build 1015, allows remote attackers to cause a denial of service (crash
11-10-2018 - 20:31 17-03-2008 - 17:44
CVE-2010-4983 7.5
SQL injection vulnerability in profile.php in iScripts CyberMatch 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
10-10-2018 - 20:08 01-11-2011 - 22:55
CVE-2010-4980 7.5
SQL injection vulnerability in packagedetails.php in iScripts ReserveLogic 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
10-10-2018 - 20:08 01-11-2011 - 22:55
CVE-2010-5002 4.3
Cross-site scripting (XSS) vulnerability in modules/slideshowmodule/slideshow.js.php in Exponent CMS 0.97.0 allows remote attackers to inject arbitrary web script or HTML via the u parameter.
10-10-2018 - 20:08 01-11-2011 - 22:55
CVE-2011-0761 5.0
Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an ability to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4) getsockname, (5) rewinddi
09-10-2018 - 19:29 13-05-2011 - 17:05
CVE-2009-0108 7.5
PHPAuctions (aka PHPAuctionSystem) allows remote attackers to bypass authentication and gain administrative access via modified (1) PHPAUCTION_RM_ID, (2) PHPAUCTION_RM_NAME, (3) PHPAUCTION_RM_USERNAME, and (4) PHPAUCTION_RM_EMAIL cookies.
29-09-2017 - 01:33 09-01-2009 - 18:30
CVE-2009-0111 7.5
SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
29-09-2017 - 01:33 09-01-2009 - 18:30
CVE-2009-0113 5.0
Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.5.8 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the X_CMS_LIBRARY_PATH HTTP header.
29-09-2017 - 01:33 09-01-2009 - 18:30
CVE-2009-0104 7.5
SQL injection vulnerability in index.php in EZpack 4.2b2 allows remote attackers to execute arbitrary SQL commands via the qType parameter in a webboard prog action.
29-09-2017 - 01:33 09-01-2009 - 18:30
CVE-2009-0103 7.5
Multiple PHP remote file inclusion vulnerabilities in playSMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) apps_path[plug] parameter to plugin/gateway/gnokii/init.php, the (2) apps_path[themes] parameter to plugin/t
29-09-2017 - 01:33 09-01-2009 - 18:30
CVE-2009-0105 4.3
Cross-site scripting (XSS) vulnerability in index.php in EZpack 4.2b2 allows remote attackers to inject arbitrary web script or HTML via the mdfd parameter in a prog action.
29-09-2017 - 01:33 09-01-2009 - 18:30
CVE-2009-0110 7.5
SQL injection vulnerability in read.php in RiotPix 0.61 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
29-09-2017 - 01:33 09-01-2009 - 18:30
CVE-2009-0109 7.5
SQL injection vulnerability in index.php in RiotPix 0.61 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
29-09-2017 - 01:33 09-01-2009 - 18:30
CVE-2008-5770 4.3
Cross-site scripting (XSS) vulnerability in config/make_config.php in PHP Weather 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
29-09-2017 - 01:32 30-12-2008 - 20:30
CVE-2008-5752 4.3
Directory traversal vulnerability in getConfig.php in the Page Flip Image Gallery plugin 0.2.2 and earlier for WordPress, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the book_id parameter.
29-09-2017 - 01:32 30-12-2008 - 17:30
CVE-2008-5728 5.1
Multiple directory traversal vulnerabilities in AIST NetCat 3.12 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the system
29-09-2017 - 01:32 26-12-2008 - 17:30
CVE-2008-5771 7.5
Directory traversal vulnerability in test.php in PHP Weather 2.2.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.
29-09-2017 - 01:32 30-12-2008 - 20:30
CVE-2008-5761 4.3
Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter to the default URI; (2) the foto parameter to photo.php in the 05_Fo
29-09-2017 - 01:32 30-12-2008 - 20:30
CVE-2008-5772 7.5
Multiple SQL injection vulnerabilities in ASPSiteWare RealtyListings 1.0 and 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) iType parameter to type.asp and the (2) iPro parameter to detail.asp.
29-09-2017 - 01:32 30-12-2008 - 20:30
CVE-2008-4736 7.5
SQL injection vulnerability in index.php in RPG.Board 0.8 Beta2 and earlier allows remote attackers to execute arbitrary SQL commands via the showtopic parameter.
29-09-2017 - 01:32 24-10-2008 - 10:30
CVE-2008-5878 5.1
Multiple directory traversal vulnerabilities in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to include and execute arbitrary files via a .. (dot dot
29-09-2017 - 01:32 08-01-2009 - 19:30
CVE-2008-5785 7.5
SQL injection vulnerability in V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
29-09-2017 - 01:32 31-12-2008 - 11:30
CVE-2008-5725 7.2
The NT kernel-mode driver (aka pstrip.sys) 5.0.1.1 and earlier in EnTech Taiwan PowerStrip 3.84 and earlier allows local users to gain privileges via certain IRP parameters in an IOCTL request to \Device\Powerstrip1 that overwrites portions of memory
29-09-2017 - 01:32 26-12-2008 - 17:30
CVE-2008-5864 7.5
SQL injection vulnerability in the Top Hotel (com_tophotelmodule) component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails a
29-09-2017 - 01:32 06-01-2009 - 17:30
CVE-2008-5816 7.5
SQL injection vulnerability in repository.php in ILIAS 3.7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ref_id parameter.
29-09-2017 - 01:32 02-01-2009 - 18:11
CVE-2008-5762 5.0
Simple Text-File Login Script (SiTeFiLo) 1.0.6 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for slog_users.t
29-09-2017 - 01:32 30-12-2008 - 20:30
CVE-2008-5732 7.5
Unrestricted file upload vulnerability in lib/image_upload.php in KafooeyBlog 1.55b allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file.
29-09-2017 - 01:32 26-12-2008 - 17:30
CVE-2008-4425 8.8
Directory traversal vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter within a delfile action.
29-09-2017 - 01:32 03-10-2008 - 22:22
CVE-2008-5779 7.5
SQL injection vulnerability in lpro.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the id parameter.
29-09-2017 - 01:32 30-12-2008 - 20:30
CVE-2008-5859 5.1
SQL injection vulnerability in index.php in Constructr CMS 3.02.5 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the show_page parameter.
29-09-2017 - 01:32 06-01-2009 - 17:30
CVE-2008-5855 5.0
myPHPscripts Login Session 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover usernames, e-mail addresses, and password hashes via a direct request for users.txt.
29-09-2017 - 01:32 06-01-2009 - 17:30
CVE-2008-5780 5.0
Forest Blog 1.3.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing passwords via a direct request for blog.mdb.
29-09-2017 - 01:32 30-12-2008 - 20:30
CVE-2008-5766 7.5
SQL injection vulnerability in download.php in Farsi Script Faupload allows remote attackers to execute arbitrary SQL commands via the id parameter.
29-09-2017 - 01:32 30-12-2008 - 20:30
CVE-2008-5764 9.3
PHP remote file inclusion vulnerability in calendar.php in WorkSimple 1.2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter.
29-09-2017 - 01:32 30-12-2008 - 20:30
CVE-2008-5777 7.5
SQL injection vulnerability in index.php in CadeNix allows remote attackers to execute arbitrary SQL commands via the cid parameter.
29-09-2017 - 01:32 30-12-2008 - 20:30
CVE-2008-5705 9.3
The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier, when user triggers are enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in an argument.
29-09-2017 - 01:32 22-12-2008 - 15:30
CVE-2008-5820 7.5
SQL injection vulnerability in eDNews_view.php in eDreamers eDNews 2 allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
29-09-2017 - 01:32 02-01-2009 - 18:11
CVE-2008-5811 7.5
SQL injection vulnerability in the PaxGallery (com_paxgallery) component 0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter in a table action to index.php.
29-09-2017 - 01:32 02-01-2009 - 18:11
CVE-2008-5804 7.5
SQL injection vulnerability in admin/admin_catalog.php in e-topbiz Number Links 1 Php Script allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action.
29-09-2017 - 01:32 31-12-2008 - 11:30
CVE-2008-4713 7.5
SQL injection vulnerability in view.php in 212cafe Board 0.07 allows remote attackers to execute arbitrary SQL commands via the qID parameter.
29-09-2017 - 01:32 23-10-2008 - 17:17
CVE-2008-4706 7.5
SQL injection vulnerability in VBGooglemap Hotspot Edition 1.0.3, a vBulletin module, allows remote attackers to execute arbitrary SQL commands via the mapid parameter in a showdetails action to (1) vbgooglemaphse.php and (2) mapa.php.
29-09-2017 - 01:32 23-10-2008 - 17:17
CVE-2008-5789 7.5
Multiple PHP remote file inclusion vulnerabilities in the Recly Interactive Feederator (com_feederator) component 1.0.5 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) mosConfig_absolute_path parameter to (a) add
29-09-2017 - 01:32 31-12-2008 - 11:30
CVE-2008-5767 7.5
SQL injection vulnerability in authors.asp in gNews Publisher allows remote attackers to execute arbitrary SQL commands via the authorID parameter.
29-09-2017 - 01:32 30-12-2008 - 20:30
CVE-2008-5755 9.3
Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows remote attackers to execute arbitrary code via a MAP file containing a long URL, possibly a related issue to CVE-2006-2494.
29-09-2017 - 01:32 30-12-2008 - 17:30
CVE-2008-5730 7.5
Multiple CRLF injection vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to have an unknown impact via unspecified vectors involving (1) a %0a sequence in a cookie and (2) the add.php file.
29-09-2017 - 01:32 26-12-2008 - 17:30
CVE-2008-4880 7.5
SQL injection vulnerability in prodshow.php in Maran PHP Shop allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-4879.
29-09-2017 - 01:32 04-11-2008 - 00:57
CVE-2008-5851 7.5
SQL injection vulnerability in index.php in My PHP Baseball Stats (MyPBS) allows remote attackers to execute arbitrary SQL commands via the seasonID parameter.
29-09-2017 - 01:32 06-01-2009 - 17:30
CVE-2008-5753 9.3
Stack-based buffer overflow in BulletProof FTP Client 2.63 and 2010 allows user-assisted attackers to execute arbitrary code via a bookmark file entry with a long host name, which appears as a host parameter within the quick-connect bar.
29-09-2017 - 01:32 30-12-2008 - 17:30
CVE-2008-5742 4.0
Multiple open redirect vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the redirect parameter in a logoff action to modules/auth/index.php or (2) the
29-09-2017 - 01:32 26-12-2008 - 20:30
CVE-2008-5712 5.0
The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via (1) a long COLOR attribute in an HR element; or a long (a) BGCOLOR or (b) BORDERCOLOR attribute in a (2) TABLE, (3) TD, or (4) TR elem
29-09-2017 - 01:32 24-12-2008 - 18:29
CVE-2008-5738 7.5
Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the nodstrumCalendarV2 cookie to 1. NOTE: some of these details are obtained from third party information.
29-09-2017 - 01:32 26-12-2008 - 18:30
CVE-2008-5863 7.5
SQL injection vulnerability in locator.php in the Userlocator module 3.0 for Woltlab Burning Board (wBB) allows remote attackers to execute arbitrary SQL commands via the y parameter in a get_user action.
29-09-2017 - 01:32 06-01-2009 - 17:30
CVE-2008-5729 4.3
Multiple cross-site scripting (XSS) vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) form and (2) control parameters to FCKeditor/neditor.php, and the (3) path parameter to admi
29-09-2017 - 01:32 26-12-2008 - 17:30
CVE-2008-5841 7.5
Multiple SQL injection vulnerabilities in iGaming 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the browse parameter to (1) previews.php and (2) reviews.php, and the (3) id parameter to index.php in a viewarticle action
29-09-2017 - 01:32 05-01-2009 - 16:30
CVE-2008-5815 7.5
SQL injection vulnerability in Acomment.php in phpAlumni allows remote attackers to execute arbitrary SQL commands via the id parameter.
29-09-2017 - 01:32 02-01-2009 - 18:11
CVE-2008-5782 7.5
SQL injection vulnerability in bannerclick.php in ZeeMatri 3.0 allows remote attackers to execute arbitrary SQL commands via the adid parameter.
29-09-2017 - 01:32 31-12-2008 - 11:30
CVE-2008-5854 4.3
Multiple cross-site scripting (XSS) vulnerabilities in login.php in myPHPscripts Login Session 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) ls_user and (2) ls_email parameters (aka the User form) in an ls_register act
29-09-2017 - 01:32 06-01-2009 - 17:30
CVE-2008-5852 5.0
Emefa Guestbook 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for guestbook.mdb.
29-09-2017 - 01:32 06-01-2009 - 17:30
CVE-2008-5840 7.5
PHP iCalendar 2.24 and earlier allows remote attackers to bypass authentication by setting the phpicalendar and phpicalendar_login cookies to 1.
29-09-2017 - 01:32 05-01-2009 - 16:30
CVE-2008-5818 6.8
Directory traversal vulnerability in index.php in eDreamers eDContainer 2.22, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lg parameter. NOTE: some of these details
29-09-2017 - 01:32 02-01-2009 - 18:11
CVE-2008-5572 5.0
Professional Download Assistant 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for database/downloads.mdb.
29-09-2017 - 01:32 15-12-2008 - 18:00
CVE-2008-5868 9.3
Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows user-assisted attackers to execute arbitrary code via a long ProxyLogin value in a configuration (.cfg) file.
29-09-2017 - 01:32 08-01-2009 - 18:30
CVE-2008-5819 6.8
Directory traversal vulnerability in eDNews_archive.php in eDreamers eDNews 2, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lg parameter. NOTE: some of these detail
29-09-2017 - 01:32 02-01-2009 - 18:11
CVE-2008-5794 5.0
Directory traversal vulnerability in system/admin/images.php in LoveCMS 1.6.2 Final allows remote attackers to delete arbitrary files via a .. (dot dot) in the delete parameter.
29-09-2017 - 01:32 31-12-2008 - 11:30
CVE-2008-5783 7.5
admin/index.php in V3 Chat Live Support 3.0.4 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.
29-09-2017 - 01:32 31-12-2008 - 11:30
CVE-2008-5727 6.8
SQL injection vulnerability in modules/auth/password_recovery.php in AIST NetCat 3.12 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the query string.
29-09-2017 - 01:32 26-12-2008 - 17:30
CVE-2008-5817 6.8
Multiple SQL injection vulnerabilities in index.php in Web Scribble Solutions webClassifieds 2005 allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) password fields in a sign_in action.
29-09-2017 - 01:32 02-01-2009 - 18:11
CVE-2008-5793 6.8
Multiple PHP remote file inclusion vulnerabilities in the Clickheat - Heatmap stats (com_clickheat) component 1.0.1 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a
29-09-2017 - 01:32 31-12-2008 - 11:30
CVE-2008-5788 7.5
SQL injection vulnerability in index.php in Domain Seller Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
29-09-2017 - 01:32 31-12-2008 - 11:30
CVE-2008-5773 5.0
Nukedit 4.9.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for database/dbsite.mdb.
29-09-2017 - 01:32 30-12-2008 - 20:30
CVE-2008-5885 5.0
The Net Guys ASPired2Quote stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/quote.mdb. NOT
29-09-2017 - 01:32 12-01-2009 - 20:00
CVE-2008-5881 7.5
Multiple directory traversal vulnerabilities in playSMS 0.9.3 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) gateway_module parameter to plugin/gateway/gnokii/init.php and the (2) them
29-09-2017 - 01:32 09-01-2009 - 18:30
CVE-2008-5873 7.5
Yerba SACphp 6.3 and earlier allows remote attackers to bypass authentication and gain administrative access via a galleta[sesion] cookie that has a value beginning with 1:1: followed by a username.
29-09-2017 - 01:32 08-01-2009 - 18:30
CVE-2008-5862 5.0
Directory traversal vulnerability in webcamXP 5.3.2.375 and 5.3.2.410 build 2132 allows remote attackers to read arbitrary files via a ..%2F (encoded dot dot slash) in the URI.
29-09-2017 - 01:32 06-01-2009 - 17:30
CVE-2008-5739 7.5
SQL injection vulnerability in evb/check_url.php in Pligg CMS 9.9.5 Beta allows remote attackers to execute arbitrary SQL commands via the url parameter.
29-09-2017 - 01:32 26-12-2008 - 18:30
CVE-2008-5879 4.3
Cross-site scripting (XSS) vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter and other unspecified vectors.
29-09-2017 - 01:32 08-01-2009 - 19:30
CVE-2008-5877 6.8
Multiple SQL injection vulnerabilities in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php, (2) form_id paramet
29-09-2017 - 01:32 08-01-2009 - 19:30
CVE-2008-5860 5.1
Directory traversal vulnerability in backend/template.php in Constructr CMS 3.02.5 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to create or read arbitrary files via directory traversal seque
29-09-2017 - 01:32 06-01-2009 - 17:30
CVE-2008-5768 7.5
SQL injection vulnerability in print.php in the AM Events (aka Amevents) module 0.22 for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter.
29-09-2017 - 01:32 30-12-2008 - 20:30
CVE-2008-5751 7.5
SQL injection vulnerability in index.php in AlstraSoft Web Email Script Enterprise (ESE) allows remote attackers to execute arbitrary SQL commands via the id parameter in a directory action.
29-09-2017 - 01:32 30-12-2008 - 17:30
CVE-2008-5708 7.5
redirect.php in SlimCMS 1.0.0 does not require authentication, which allows remote attackers to create administrative users by using the newusername and newpassword parameters and setting the newisadmin parameter to 1.
29-09-2017 - 01:32 24-12-2008 - 18:29
CVE-2008-5806 7.5
SQL injection vulnerability in login.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the admin_username parameter (aka admin field). NOTE: some of these details are obtained from thir
29-09-2017 - 01:32 31-12-2008 - 11:30
CVE-2008-5781 7.5
SQL injection vulnerability in right.php in Cant Find A Gaming CMS (CFAGCMS) 1.0 Beta 1 allows remote attackers to execute arbitrary SQL commands via the title parameter.
29-09-2017 - 01:32 30-12-2008 - 20:30
CVE-2008-4711 6.8
SQL injection vulnerability in Joovili 3.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.blog.php, (2) view.event.php, (3) view.group.php, (4) view.music.php
29-09-2017 - 01:32 23-10-2008 - 17:17
CVE-2008-4426 4.3
Cross-site scripting (XSS) vulnerability in events.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to inject arbitrary web script or HTML via the date parameter in a new action.
29-09-2017 - 01:32 03-10-2008 - 22:22
CVE-2008-5886 5.0
TAKempis Discussion Web 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for _private/discussion.mdb. NOTE: s
29-09-2017 - 01:32 12-01-2009 - 20:00
CVE-2008-5880 7.5
admin/auth.php in Gobbl CMS 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "ok".
29-09-2017 - 01:32 08-01-2009 - 19:30
CVE-2008-5875 7.5
SQL injection vulnerability in the com_lowcosthotels component in the Hotel Booking Reservation System (aka HBS) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php.
29-09-2017 - 01:32 08-01-2009 - 19:30
CVE-2008-5726 7.5
SQL injection vulnerability in thread.php in stormBoards 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
29-09-2017 - 01:32 26-12-2008 - 17:30
CVE-2008-5722 10.0
Buffer overflow in SAWStudio 3.9i allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long SAWSTUDIO PREFERENCES STRUCT value in a .prf (preferences) file.
29-09-2017 - 01:32 26-12-2008 - 17:30
CVE-2008-5883 7.8
Absolute path traversal vulnerability in front-end/dir.php in mini-pub 0.3 and earlier allows remote attackers to list arbitrary directories via a full pathname in the sDir parameter.
29-09-2017 - 01:32 12-01-2009 - 20:00
CVE-2008-5865 7.5
SQL injection vulnerability in the com_hbssearch component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the r_type parameter in a showhoteldetails action to inde
29-09-2017 - 01:32 06-01-2009 - 17:30
CVE-2008-5861 5.0
Directory traversal vulnerability in source.php in FreeLyrics 1.0 allows remote attackers to read arbitrary files via directory traversal sequences in the p parameter. NOTE: some of these details are obtained from third party information.
29-09-2017 - 01:32 06-01-2009 - 17:30
CVE-2008-5847 2.6
Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information by reading the hash column.
29-09-2017 - 01:32 05-01-2009 - 20:30
CVE-2008-5803 7.5
SQL injection vulnerability in admin/login.php in E-topbiz Online Store 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka username field). NOTE: some of these details are obtained from third party information.
29-09-2017 - 01:32 31-12-2008 - 11:30
CVE-2008-5775 7.5
SQL injection vulnerability in categories.php in Aperto Blog 0.1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
29-09-2017 - 01:32 30-12-2008 - 20:30
CVE-2008-5706 6.9
The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/trigger.tmp temporary file.
29-09-2017 - 01:32 22-12-2008 - 15:30
CVE-2008-5778 7.5
SQL injection vulnerability in report.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the linkid parameter.
29-09-2017 - 01:32 30-12-2008 - 20:30
CVE-2008-5756 9.3
Buffer overflow in BreakPoint Software Hex Workshop 5.1.4 allows user-assisted attackers to cause a denial of service and possibly execute arbitrary code via a long mapping reference in a Color Mapping (.cmap) file.
29-09-2017 - 01:32 30-12-2008 - 17:30
CVE-2008-5737 7.5
SQL injection vulnerability in index.php in Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to execute arbitrary SQL commands via the username parameter.
29-09-2017 - 01:32 26-12-2008 - 18:30
CVE-2008-5711 9.3
Heap-based buffer overflow in the Facebook PhotoUploader ActiveX control 5.0.14.0 and earlier allows remote attackers to execute arbitrary code via a long FileMask property value.
29-09-2017 - 01:32 24-12-2008 - 18:29
CVE-2008-4712 6.8
Directory traversal vulnerability in pages/showblog.php in LnBlog 0.9.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the plugin parameter.
29-09-2017 - 01:32 23-10-2008 - 17:17
CVE-2008-4073 7.5
SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a DBpAGE action.
29-09-2017 - 01:31 15-09-2008 - 15:14
CVE-2008-2469 10.0
Heap-based buffer overflow in the SPF_dns_resolv_lookup function in Spf_dns_resolv.c in libspf2 before 1.2.8 allows remote attackers to execute arbitrary code via a long DNS TXT record with a modified length field.
29-09-2017 - 01:31 23-10-2008 - 22:00
CVE-2010-4974 7.5
SQL injection vulnerability in info.php in BrotherScripts (BS) and ScriptsFeed Auto Dealer allows remote attackers to execute arbitrary SQL commands via the id parameter.
29-08-2017 - 01:29 01-11-2011 - 22:55
CVE-2010-4916 7.5
Multiple SQL injection vulnerabilities in index.cfm in ColdGen ColdUserGroup 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) ArticleID or (2) LibraryID parameter.
29-08-2017 - 01:29 08-10-2011 - 10:55
CVE-2010-4976 4.3
Cross-site scripting (XSS) vulnerability in search/search.php in MetInfo 3.0 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter (aka Search Box field). NOTE: some of these details are obtained from third part
29-08-2017 - 01:29 01-11-2011 - 22:55
CVE-2009-0112 6.8
Cross-site request forgery (CSRF) vulnerability in admin/agent_edit.asp in PollPro 3.0 allows remote attackers to create or modify accounts as administrators via the username, password, and name parameters.
08-08-2017 - 01:33 09-01-2009 - 18:30
CVE-2006-3239 7.5
SQL injection vulnerability in message.php in VBZooM 1.11 and earlier allows remote attackers to execute arbitrary SQL commands via the UserID parameter.
20-07-2017 - 01:32 27-06-2006 - 10:05
CVE-2005-4449 4.0
verify.php in FlatNuke 2.5.6 allows remote authenticated administrators to modify arbitrary PHP files by setting the file parameter to an arbitrary file and injecting the code into the body parameter. NOTE: if a FlatNuke administrator is normally as
20-07-2017 - 01:29 21-12-2005 - 11:03
CVE-2005-3655 7.5
Heap-based buffer overflow in Novell Open Enterprise Server Remote Manager (novell-nrm) in Novell SUSE Linux Enterprise Server 9 allows remote attackers to execute arbitrary code via an HTTP POST request with a negative Content-Length parameter.
11-07-2017 - 01:33 31-12-2005 - 05:00
CVE-2005-2758 10.0
Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow.
11-07-2017 - 01:32 05-10-2005 - 19:02
CVE-2010-2861 7.5
Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/sett
24-09-2013 - 03:39 11-08-2010 - 18:47
CVE-2011-3167 10.0
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1210.
15-02-2012 - 04:09 02-11-2011 - 17:55
CVE-2011-3166 10.0
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1209.
15-02-2012 - 04:09 02-11-2011 - 17:55
CVE-2011-3165 10.0
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1208.
15-02-2012 - 04:09 02-11-2011 - 17:55
CVE-2011-1774 8.8
WebKit in Apple Safari before 5.0.6 has improper libxslt security settings, which allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted web site. NOTE: this may overlap CVE-2011-1425.
14-02-2012 - 04:06 21-07-2011 - 23:55
CVE-2010-4913 4.3
Cross-site scripting (XSS) vulnerability in the search feature in ColdGen ColdUserGroup 1.06 allows remote attackers to inject arbitrary web script or HTML via the Keywords parameter. NOTE: some of these details are obtained from third party informa
14-02-2012 - 04:02 08-10-2011 - 10:55
CVE-2009-3999 10.0
Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter.
14-02-2012 - 03:49 20-01-2010 - 22:30
CVE-2011-2404 7.5
A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability
14-01-2012 - 03:54 11-08-2011 - 22:55
CVE-2006-0930 4.0
Directory traversal vulnerability in Webmail in ArGoSoft Mail Server Pro 1.8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the UIDL parameter.
08-03-2011 - 02:31 28-02-2006 - 11:02
CVE-2007-4433 4.3
Cross-site scripting (XSS) vulnerability in textfilesearch.aspx in the Text File Search ASP.NET edition allows remote attackers to inject arbitrary web script or HTML via the search field.
15-11-2008 - 06:57 20-08-2007 - 19:17