| Max CVSS | 7.6 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2017-11873 | 7.6 |
ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, a
|
23-05-2022 - 17:29 | 15-11-2017 - 03:29 | |
| CVE-2000-0913 | 5.0 |
mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
|
06-06-2021 - 11:15 | 19-12-2000 - 05:00 | |
| CVE-2016-5790 | 5.0 |
Tollgrade LightHouse SMS before 5.1 patch 3 allows remote attackers to bypass authentication and restart the software via unspecified vectors.
|
08-12-2020 - 18:52 | 15-07-2016 - 16:59 | |
| CVE-2006-1553 | 5.1 |
SQL injection vulnerability in functions/final_functions.php in VSNS Lemon 3.2.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. Successful exploitation requires that the "magic_quotes_
|
18-10-2018 - 16:33 | 31-03-2006 - 11:06 | |
| CVE-2006-1556 | 6.8 |
Multiple cross-site scripting (XSS) vulnerabilities in view_caricatier.php in AL-Caricatier 2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) CatName, (2) CaricatierID, or (3) CatID parameter.
|
18-10-2018 - 16:33 | 31-03-2006 - 11:06 | |
| CVE-2006-1484 | 7.2 |
Genius VideoCAM NB Driver does not drop privileges when saving files, which allows local users to gain privileges by opening arbitrary files via the "save as" dialog.
|
18-10-2018 - 16:32 | 29-03-2006 - 01:06 | |
| CVE-2006-1504 | 5.1 |
Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal 2.0 (aka Arab Dynamic Portal or ADP) stable allow remote attackers to inject arbitrary web script or HTML via the title parameter in (1) online.php and (2) download.php. Successful ex
|
18-10-2018 - 16:32 | 30-03-2006 - 01:06 | |
| CVE-2008-6180 | 7.5 |
SQL injection vulnerability in system/nlb_user.class.php in NewLife Blogger 3.0 and earlier, and possibly 3.3.1, allows remote attackers to execute arbitrary SQL commands via the nlb3 cookie.
|
11-10-2018 - 20:57 | 19-02-2009 - 18:30 | |
| CVE-2006-1495 | 7.5 |
SQL injection vulnerability in general/sendpassword.php in (1) PHPCollab 2.4 and 2.5.rc3, and (2) NetOffice 2.5.3-pl1 and 2.6.0b2 allows remote attackers to execute arbitrary SQL commands via the loginForm parameter in the "forgotten password" option
|
11-10-2017 - 01:30 | 30-03-2006 - 00:06 | |
| CVE-2006-1509 | 4.9 |
/sbin/passwd in HP-UX B.11.00, B.11.11, and B.11.23 before 20060326 "does not recover gracefully from some error conditions," which allows local users to cause a denial of service. This vulnerability affects all versions of HP-UX B.11.00, B.11.11, an
|
11-10-2017 - 01:30 | 30-03-2006 - 01:06 | |
| CVE-2006-1565 | 4.6 |
Untrusted search path vulnerability in libgpib-perl 3.2.06-2 in Debian GNU/Linux includes an RPATH value under the /tmp/buildd directory for the LinuxGpib.so module, which might allow local users to gain privileges by installing malicious libraries i
|
20-07-2017 - 01:30 | 31-03-2006 - 11:06 | |
| CVE-2006-1566 | 4.6 |
Untrusted search path vulnerability in libtunepimp-perl 0.4.2-1 in Debian GNU/Linux includes an RPATH value under the /tmp/buildd directory for the tunepimp.so module, which might allow local users to gain privileges by installing malicious libraries
|
20-07-2017 - 01:30 | 31-03-2006 - 11:06 | |
| CVE-2006-1508 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in MH Software Connect Daily Web Calendar Software 3.2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) calendar_id, (2) style_sheet, and (3) start parameters
|
20-07-2017 - 01:30 | 30-03-2006 - 01:06 | |
| CVE-2006-1430 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in CONTROLzx HMS (formerly DRZES) 3.3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dedicatedPlanID parameter to dedicated_order.php, (2) sharedPlanID param
|
20-07-2017 - 01:30 | 28-03-2006 - 21:02 | |
| CVE-2006-1564 | 4.6 |
Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain pri
|
20-07-2017 - 01:30 | 31-03-2006 - 11:06 | |
| CVE-2016-5807 | 5.5 |
Tollgrade LightHouse SMS before 5.1 patch 3 allows remote authenticated users to bypass an intended administrative-authentication requirement, and read or change parameter values, via a direct request.
|
28-11-2016 - 20:29 | 15-07-2016 - 16:59 | |
| CVE-2016-5797 | 5.0 |
Tollgrade LightHouse SMS before 5.1 patch 3 provides different error messages for failed authentication attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of attempts.
|
28-11-2016 - 20:29 | 15-07-2016 - 16:59 | |
| CVE-2006-6761 | 6.5 |
Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command. This vulnerability is addressed in the following prod
|
08-03-2011 - 02:46 | 27-12-2006 - 02:28 |