| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2007-2997 | 7.5 |
Multiple SQL injection vulnerabilities in cgi-bin/reorder2.asp in SalesCart Shopping Cart allow remote attackers to execute arbitrary SQL commands via the password field and other unspecified vectors. NOTE: the vendor disputes this issue, stating "We
|
11-04-2024 - 00:42 | 04-06-2007 - 17:30 | |
| CVE-2006-5447 | 4.3 |
Cross-site scripting (XSS) vulnerability in index.php in DEV Web Management System (WMS) 1.5 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
|
14-02-2024 - 01:17 | 23-10-2006 - 17:07 | |
| CVE-2006-0232 | 5.0 |
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct request
|
19-10-2018 - 15:43 | 25-04-2006 - 01:02 | |
| CVE-2008-1411 | 5.0 |
The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference.
|
11-10-2018 - 20:33 | 20-03-2008 - 10:44 | |
| CVE-2008-1410 | 4.3 |
Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service.
|
11-10-2018 - 20:33 | 20-03-2008 - 10:44 | |
| CVE-2008-5601 | 5.0 |
User Engine Lite ASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for users.mdb.
|
29-09-2017 - 01:32 | 16-12-2008 - 19:07 |