| Max CVSS | 10.0 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2005-4360 | 7.8 |
The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.d
|
08-11-2021 - 21:45 | 20-12-2005 - 01:03 | |
| CVE-2010-1870 | 5.0 |
The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side contex
|
20-10-2020 - 22:15 | 17-08-2010 - 20:00 | |
| CVE-2005-4178 | 6.5 |
Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operati
|
30-10-2018 - 16:28 | 12-12-2005 - 21:03 | |
| CVE-2016-3283 | 9.3 |
Microsoft Word Viewer allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
|
12-10-2018 - 22:12 | 13-07-2016 - 01:59 | |
| CVE-2011-3478 | 10.0 |
The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authentication data, which allows remote attackers to exec
|
06-01-2018 - 02:29 | 25-01-2012 - 15:55 | |
| CVE-2017-13089 | 9.3 |
The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the
|
30-12-2017 - 02:29 | 27-10-2017 - 19:29 | |
| CVE-2008-4525 | 7.5 |
SQL injection vulnerability in index.php in AmpJuke 0.7.5 allows remote attackers to execute arbitrary SQL commands via the special parameter in a performerid action.
|
08-08-2017 - 01:32 | 09-10-2008 - 18:14 | |
| CVE-2006-6474 | 4.6 |
Untrusted search path vulnerability in McAfee VirusScan for Linux 4510e and earlier includes the current working directory in the DT_RPATH environment variable, which allows local users to load arbitrary ELF DSO libraries and execute arbitrary code b
|
29-07-2017 - 01:29 | 14-12-2006 - 20:28 | |
| CVE-2005-4432 | 4.3 |
Cross-site scripting (XSS) vulnerability in index.php in PlaySMS 0.8 allows remote attackers to inject arbitrary web script or HTML via the err parameter.
|
20-07-2017 - 01:29 | 21-12-2005 - 00:03 | |
| CVE-2004-0992 | 10.0 |
Format string vulnerability in the -a option (daemon mode) in Proxytunnel before 1.2.3 allows remote attackers to execute arbitrary code via format string specifiers in an invalid proxy answer.
|
11-07-2017 - 01:30 | 01-03-2005 - 05:00 | |
| CVE-2005-4413 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in sample scripts in IBM WebSphere Application Server 6 allow remote attackers to inject arbitrary web script or HTML via the (1) E-mail address field to (a) PlantsByWebSphere/login.jsp, (2) message
|
05-09-2008 - 20:56 | 20-12-2005 - 11:03 | |
| CVE-2000-0745 | 7.5 |
admin.php3 in PHP-Nuke does not properly verify the PHP-Nuke administrator password, which allows remote attackers to gain privileges by requesting a URL that does not specify the aid or pwd parameter.
|
05-09-2008 - 20:21 | 20-10-2000 - 04:00 |