| Max CVSS | 9.3 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2006-4558 | 7.5 |
DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
|
26-01-2024 - 19:02 | 06-09-2006 - 00:04 | |
| CVE-2009-0182 | 9.3 |
Buffer overflow in VUPlayer 2.49 and earlier allows user-assisted attackers to execute arbitrary code via a long URL in a File line in a .pls file, as demonstrated by an http URL on a File1 line.
|
22-04-2022 - 18:52 | 20-01-2009 - 16:30 | |
| CVE-2006-0708 | 9.3 |
Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long URL ending in .wma, or (3) an
|
19-10-2018 - 15:45 | 15-02-2006 - 11:06 | |
| CVE-2007-1738 | 6.9 |
TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service (filesystem unavailability) or gain privileges by mounting a crafted TrueCrypt volume, as demonstrated using (1) /usr/bin or (2) another user's home directory,
|
16-10-2018 - 16:40 | 28-03-2007 - 22:19 | |
| CVE-2007-6538 | 7.5 |
SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
15-10-2018 - 21:55 | 27-12-2007 - 23:46 | |
| CVE-2009-0181 | 9.3 |
Buffer overflow in VUPlayer allows user-assisted attackers to have an unknown impact via a long file, as demonstrated by a file composed entirely of 'A' characters.
|
11-10-2018 - 21:00 | 20-01-2009 - 16:30 | |
| CVE-2008-5922 | 7.5 |
Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Cant Find A Gaming CMS (CFAGCMS) 1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) main and (2) right parameters.
|
11-10-2018 - 20:56 | 21-01-2009 - 18:30 | |
| CVE-2008-4732 | 7.5 |
SQL injection vulnerability in ajax_comments.php in the WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the p parameter.
|
11-10-2018 - 20:52 | 24-10-2008 - 10:30 | |
| CVE-2008-4733 | 4.3 |
Cross-site scripting (XSS) vulnerability in wpcommentremix.php in WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) replytotext, (2) quotetext, (3) originallypostedby, (4) se
|
11-10-2018 - 20:52 | 24-10-2008 - 10:30 | |
| CVE-2008-4734 | 7.5 |
Cross-site request forgery (CSRF) vulnerability in the wpcr_do_options_page function in WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to perform unauthorized actions as administrators via a request that sets the wpcr_hidd
|
11-10-2018 - 20:52 | 24-10-2008 - 10:30 | |
| CVE-2009-0175 | 9.3 |
Heap-based buffer overflow in Heathco Software MP3 TrackMaker 1.5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in an invalid .mp3 file.
|
29-09-2017 - 01:33 | 20-01-2009 - 16:00 | |
| CVE-2008-5921 | 7.5 |
SQL injection vulnerability in albums.php in Umer Inc Songs Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
29-09-2017 - 01:32 | 21-01-2009 - 18:30 | |
| CVE-2008-5926 | 7.5 |
Multiple SQL injection vulnerabilities in login.asp in ASP-DEv Internal E-Mail System allow remote attackers to execute arbitrary SQL commands via the (1) login parameter (aka user field) or the (2) password parameter (aka pass field). NOTE: some of
|
29-09-2017 - 01:32 | 21-01-2009 - 18:30 | |
| CVE-2008-5918 | 4.3 |
Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUrl function in index.php in WebSVN 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
|
29-09-2017 - 01:32 | 21-01-2009 - 02:30 | |
| CVE-2008-5920 | 7.5 |
The create_anchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the preg_replace function with the eval switch. Patch information - http://websvn.tigris.org/
|
29-09-2017 - 01:32 | 21-01-2009 - 02:30 | |
| CVE-2008-5928 | 7.5 |
SQL injection vulnerability in redir.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
29-09-2017 - 01:32 | 21-01-2009 - 18:30 | |
| CVE-2008-5927 | 7.5 |
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPNews 0.0.6 allow remote attackers to execute arbitrary SQL commands via the (1) checkuser parameter (aka username field) or (2) checkpass parameter (aka password field) to admin/
|
29-09-2017 - 01:32 | 21-01-2009 - 18:30 | |
| CVE-2008-5919 | 6.8 |
Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to overwrite arbitrary files via directory traversal sequences in the rev parameter.
|
29-09-2017 - 01:32 | 21-01-2009 - 02:30 | |
| CVE-2008-5916 | 4.6 |
gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to execute arbitrary commands by modifying the diff.extern
|
08-08-2017 - 01:33 | 21-01-2009 - 02:30 | |
| CVE-2010-4968 | 7.5 |
SQL injection vulnerability in the webmaster-tips.net Flash Gallery (com_wmtpic) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
|
14-02-2012 - 04:02 | 01-11-2011 - 22:55 |