| Max CVSS | 10.0 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2006-2491 | 6.8 |
Cross-site scripting (XSS) vulnerability in (1) index.php and (2) bmc/admin.php in BoastMachine (bMachine) 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly filtered when it is
|
18-10-2018 - 16:40 | 19-05-2006 - 23:02 | |
| CVE-2006-5299 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Gcontact 0.6.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
17-10-2018 - 21:42 | 17-10-2006 - 15:07 | |
| CVE-2007-2815 | 10.0 |
The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access pr
|
16-10-2018 - 16:45 | 22-05-2007 - 19:30 | |
| CVE-2008-1283 | 4.3 |
Cross-site scripting (XSS) vulnerability in Neptune Web Server 3.0 allows remote attackers to inject arbitrary web script or HTML via the URI, which is not properly handled in the 404 error page.
|
11-10-2018 - 20:31 | 11-03-2008 - 00:44 | |
| CVE-2008-5560 | 5.0 |
PostEcards stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for postcards.mdb.
|
29-09-2017 - 01:32 | 15-12-2008 - 18:00 | |
| CVE-2008-5559 | 7.5 |
SQL injection vulnerability in sendcard.cfm in PostEcards allows remote attackers to execute arbitrary SQL commands via the cid parameter.
|
29-09-2017 - 01:32 | 15-12-2008 - 18:00 |