Max CVSS | 10.0 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2018-0855 | 4.3 |
The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Dis
|
28-09-2020 - 12:58 | 15-02-2018 - 02:29 | |
CVE-2018-0855 | 4.3 |
The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Dis
|
28-09-2020 - 12:58 | 15-02-2018 - 02:29 | |
CVE-2015-0095 | 5.6 |
The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to cause a deni
|
14-05-2019 - 19:53 | 11-03-2015 - 10:59 | |
CVE-2008-2494 | 4.3 |
Cross-site scripting (XSS) vulnerability in index.php in Zina 1.0 RC3 allows remote attackers to inject arbitrary web script or HTML via the l parameter.
|
11-10-2018 - 20:41 | 28-05-2008 - 15:32 | |
CVE-2008-2491 | 7.5 |
SQL injection vulnerability in adv_cat.php in AbleSpace 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
|
11-10-2018 - 20:41 | 28-05-2008 - 15:32 | |
CVE-2008-2495 | 7.5 |
Directory traversal vulnerability in index.php in Zina 1.0 RC3 allows remote attackers to have an unknown impact via a .. (dot dot) in the p parameter.
|
11-10-2018 - 20:41 | 28-05-2008 - 15:32 | |
CVE-2008-2485 | 4.3 |
Cross-site scripting (XSS) vulnerability in the URL redirection script (inc/url_redirection.inc.php) in PCPIN Chat before 6.11 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
|
11-10-2018 - 20:41 | 28-05-2008 - 15:32 | |
CVE-2001-0537 | 9.3 |
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.
|
10-10-2017 - 01:29 | 21-07-2001 - 04:00 | |
CVE-2008-6334 | 7.8 |
Directory traversal vulnerability in download.php in eMetrix Extract Website allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
|
29-09-2017 - 01:33 | 27-02-2009 - 17:30 | |
CVE-2008-6620 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in javascript/editor/editor/filemanager/browser/mcpuk/connectors/php/connector.php in GraFX miniCWB 2.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) errcon
|
17-08-2017 - 01:29 | 06-04-2009 - 18:30 | |
CVE-2008-3249 | 5.1 |
The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certi
|
08-08-2017 - 01:31 | 21-07-2008 - 17:41 | |
CVE-2008-2783 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware, Groupware Webmail Edition, and Kronolith allow remote attackers to inject arbitrary web script or HTML via the timestamp parameter to (1) week.php, (2) workweek.php, and (3) day.
|
08-08-2017 - 01:31 | 19-06-2008 - 20:41 | |
CVE-2008-2486 | 10.0 |
Unspecified vulnerability in eMule Plus before 1.2d has unknown impact and attack vectors related to "staticservers.dat processing."
|
08-08-2017 - 01:31 | 28-05-2008 - 15:32 | |
CVE-2008-2517 | 2.1 |
The sarab.sh script in SaraB before 0.2.4 places the dar program's encryption key on the command line, which allows local users to obtain sensitive information by listing the process.
|
08-08-2017 - 01:31 | 03-06-2008 - 14:32 | |
CVE-2008-2516 | 4.6 |
pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not properly consider operator precedence when evaluating the success of a pam_get_pass function call, which allows local users to gain privileges via a SIGINT signal when this function is
|
08-08-2017 - 01:31 | 03-06-2008 - 14:32 | |
CVE-2008-2519 | 6.8 |
Directory traversal vulnerability in Core FTP client 2.1 Build 1565 allows remote FTP servers to create or overwrite arbitrary files via .. (dot dot) sequences in responses to LIST commands, a related issue to CVE-2002-1345. NOTE: this can be levera
|
08-08-2017 - 01:31 | 03-06-2008 - 14:32 | |
CVE-2005-0949 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in content.asp in Iatek PortalApp allow remote attackers to inject arbitrary web script or HTML via the (1) contenttype or (2) keywords parameter.
|
11-07-2017 - 01:32 | 02-05-2005 - 04:00 | |
CVE-2005-0948 | 7.5 |
SQL injection vulnerability in ad_click.asp for PortalApp allows remote attackers to execute arbitrary SQL commands via the banner_id parameter.
|
11-07-2017 - 01:32 | 02-05-2005 - 04:00 | |
CVE-2016-6535 | 10.0 |
AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have hardcoded accounts, which allows remote attackers to obtain root access by leveraging knowledge of the credentials and establishing a TELNET session.
|
28-11-2016 - 20:33 | 19-09-2016 - 01:59 | |
CVE-2016-6537 | 5.0 |
AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store passwords in a cleartext base64 format and require cleartext credentials in HTTP Cookie headers, which allows context-dependent attacks to obtain sensitive information by reading t
|
28-11-2016 - 20:33 | 19-09-2016 - 01:59 | |
CVE-2016-6536 | 10.0 |
The /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote attackers to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a handle parameter value.
|
28-11-2016 - 20:33 | 19-09-2016 - 01:59 |